1 Answer
- Newest
- Most votes
- Most comments
1
Suppose an user has logged in at 1 AM and Cognito has returned access, ID and refresh tokens after the user sign-in. If you call the RevokeToken API with that refresh token, then the initially issued access and ID tokens, the refresh token, and all access and ID tokens which were issued using that refresh token will be revoked.
Note: Only Cognito service is aware of the token revocation when you revoke token using RevokeToken API. However, your resource server will treat the token as valid until the token's expiry time breach. You may call GetUser API of Cognito to check whether a token is revoked or not. However, please consider the limit per second on number of GetUser API [1].
Relevant content
- asked 6 years ago
- asked 9 months ago
- asked a year ago
- asked 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago