- 최신
- 최다 투표
- 가장 많은 댓글
You can revoke tokens using the RevokeToken API. Revoking the refresh token also revokes all access tokens associated with it.
Keep in mind that JWTs are self contained and it is up to recipient of the JWT to validate if it has been revoked, if that is needed.
You may always revoke the JSON Web Token (JWT) using the RevokeToken API when the user logs out from the application. You may also configure a tighter JWT session if this is better for your application security. This can be configured from 5 minutes to 24 hours (1 day). It should be noted that when using the Amazon Cognito HostedUI, the session cookie is cached for a minimum of 1 hour and any access token configured for a shorter time would not be honored through the HostedUI.
You can find explicit details in the Amazon Cognito documentation on User Pool Access Tokens JWTs here: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-access-token.html
