Refreshing JWT Tokens misplaced in user pool authentication section


Describe the bug

Refreshing JWT Tokens section is misplaced in user pool federation section.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://aws-amplify.github.io/docs/js/authentication#react-components
  2. Scroll to Refreshing JWT Tokens

Expected behavior

  • Talking about AWS credentials in the context of Cognito User Pools authentication does not apply.
  • This statement about automatic token refresh should be only in Cognito Identity Pool Federation as in https://aws-amplify.github.io/docs/js/authentication#token-refresh where Cognito does refresh tokens of Google/Facebook automatically to keep AWS credentials valid at all times.

Screenshots

N/A

Additional context

  • Related issue where a user is asking why Facebook/Google tokens returned in user pool IdP attribute mapping are not refreshed, while the Cognito user pool's own ID/access tokens are refreshed.
  • User expected the above misplaced statement to mean that FB/Google tokens returned by attribute mapping (if any) would be refreshed as well.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 6 (1 by maintainers)

Top GitHub Comments

1 reaction
AdonousTech commented, Mar 15, 2020

I get what you are saying, but you are viewing it very narrowly. I understand that identity federation is for authorizing access to AWS resources. When you use Federated Identities with a Cognito User Pool, the Cognito User Pool is a linked login (providing the Authentication piece). Have you used Federated Identities in conjunction with Cognito User Pools? The 2 are tightly integrated. Cognito User Pools is an Identity Provider for the Identity Pool.

For example, if I set up an IdentityPool, I pass in my Cognito User Pool as an identity provider (IdP). My authenticated CognitoUser assumes the Authenticated Role in my Identity Pool.

            "Type": "AWS::Cognito::IdentityPool",
            "DependsOn": ["UserPool","UserPoolClient"],
            "Properties": {
                "IdentityPoolName": {"Ref": "IdentityPoolName"},
                "AllowUnauthenticatedIdentities": false,
                "CognitoIdentityProviders": [
                    {
                        "ClientId": {"Ref": "UserPoolClient"},
                        "ProviderName": {"Fn::Join" : 
                            [ "", [ {"Fn::Sub": "cognito-idp.${AWS::Region}.amazonaws.com/"},
                                    {"Ref": "UserPool"}
                                  ] 
                            ] }
                    }
                ]
            }
        }

Anyhow, my question is specifically related to Identity Federation within Cognito User Pools (using LWA as an external identity provider for a Cognito User Pool). So, yes, it is not relevant to standalone Identity Pool Federation. I use a combination (as shown above). So, that could explain the confusion.
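The linked-login relationship in the template above, seen from the client side, as an added example that is not part of the original thread or of Amplify's code: the identity pool's Logins map is keyed by the same `cognito-idp.<region>.amazonaws.com/<userPoolId>` string as `ProviderName`, and its value is the user pool ID token, which has to be current before AWS credentials can be issued. The function names, region and pool ID are assumptions, and the token is constructed and unsigned.

```javascript
// Added example; names and sample values are assumptions, not Amplify APIs.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed sample token: header.payload.signature (dummy signature).
function makeSampleToken(claims) {
  return `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}.c2ln`;
}

// Reads claims WITHOUT verifying the signature. Enough to route a token
// client-side; the identity pool performs the real verification.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Builds the Logins map for a user pool linked to an identity pool.
// Rejects access tokens, tokens from another pool, and expired tokens.
function loginsForUserPool(idToken, region, userPoolId, nowSec) {
  const claims = decodeJwtPayload(idToken);
  const provider = `cognito-idp.${region}.amazonaws.com/${userPoolId}`;
  if (claims.token_use !== 'id') {
    throw new Error('identity pools take the ID token, not the access token');
  }
  if (claims.iss !== `https://${provider}`) {
    throw new Error('issuer is not the linked user pool');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    throw new Error('ID token expired: refresh the user pool session first');
  }
  return { [provider]: idToken };
}

// Constructed sample values.
const SAMPLE = { region: 'us-east-1', userPoolId: 'us-east-1_EXAMPLE' };
const sampleClaims = {
  iss: `https://cognito-idp.${SAMPLE.region}.amazonaws.com/${SAMPLE.userPoolId}`,
  token_use: 'id',
  exp: 2000000000,
};
const sampleToken = makeSampleToken(sampleClaims);
console.log(Object.keys(
  loginsForUserPool(sampleToken, SAMPLE.region, SAMPLE.userPoolId, 1900000000)
));
```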

0 reactions
mauerbac commented, Mar 10, 2021

Following up on this issue as it’s a year old. It looks like you originally linked to our old docs and auth has been re-organized here: https://docs.amplify.aws/lib/auth/advanced/q/platform/js.

Please open a new issue with feedback on this. Thank you
