We can create an access token and refresh the token using the Cognito user pool (assume the access token timeout is set to 30 Minutes).
Usecase: Generated token two times one after another (T1, T2) as per the Cognito user pool system, both are valid for the next 30 minutes from the created time.
Output: Both tokens are valid for the next 30 minutes.
Expected Behavior: Once T2 is created, T1 must be an invalid token / expired.
Note: You can create T2 from the refresh token or else you can create a new access and refresh token, both having the same result as mentioned above.
How we can manage the tokenization approach in Cognito to overcome this issue? Is there any way or feature in Cognito to achieve this feature?
AWS 官方已更新 1 年前