1 Answer
- Newest
- Most votes
- Most comments
0
Log out only invalidates the session.
You can call the global sign out , this signs out users from all devices. It also invalidates all refresh tokens that Amazon Cognito has issued to a user.
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GlobalSignOut.html
Alternatively : If you want to invalidate the refresh token then the /oauth2/revoke endpoint revokes all of the access tokens that the specified refresh token generated. This is a POST hence this would be a custom signout flow since the log out only supports HTTPS GET
https://docs.aws.amazon.com/cognito/latest/developerguide/revocation-endpoint.html
answered 2 years ago
Relevant content
- asked 9 months ago
- Accepted Answerasked 3 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 2 years ago