Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Cognito access token not expiring after user logout

0

In our web application we are using cognito as a authenticator. Whenever user is logout from application access token is not expring it still validating another session. For security issues in our organisation we need to invalid the token after user log out from application

Temas
Seguridad, identidad y cumplimiento
Etiquetas
Amazon Cognito
Idioma
English
rePost-User-7602336
preguntada hace un año1148 visualizaciones
2 Respuestas
0

You can revoke tokens using the RevokeToken API. Revoking the refresh token also revokes all access tokens associated with it.

Keep in mind that JWTs are self contained and it is up to recipient of the JWT to validate if it has been revoked, if that is needed.

profile pictureAWS
Pontus Palmenas
respondido hace un año
0

You may always revoke the JSON Web Token (JWT) using the RevokeToken API when the user logs out from the application. You may also configure a tighter JWT session if this is better for your application security. This can be configured from 5 minutes to 24 hours (1 day). It should be noted that when using the Amazon Cognito HostedUI, the session cookie is cached for a minimum of 1 hour and any access token configured for a shorter time would not be honored through the HostedUI.

You can find explicit details in the Amazon Cognito documentation on User Pool Access Tokens JWTs here: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.html

AWS
Joe Melfi
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante