How can I force a cognito token refresh from the client

Question

I am using aws amplify and I know that the tokens get automatically refreshed when needed and that that is done behind the scenes.

What I need to do is change a custom attribute on the user in the cognito user pool via a Lambda backend process. This I can do, and it is working. However, the web client user never sees this new custom attribute and I am thinking the only way they can see it is if the token gets refreshed since the value is stored within the JWT token.

won't `currentCredentials` https://aws.github.io/aws-amplify/api//classes/auth_auth_.authclass.html#currentcredentials return up to date tokens for you? — iurii, Jan 28 '18 at 19:07

score 10 · Answer 1 · edited Jan 10 '23 at 19:12

10

The correct solution as of 2021 is to call:

await Auth.currentAuthenticatedUser({bypassCache: true})

edited Jan 10 '23 at 19:12

Youcef LAIDANI

55,661
15
90
140

answered May 21 '21 at 13:23

andreialecu

3,639
3
28
36

This is the answer! – Nick Jan 10 '23 at 19:06

score 2 · Answer 2 · answered Apr 10 '19 at 14:18

Here is how you can update tokens on demand (forcefully)

import { Auth } from 'aws-amplify';

try {
  const cognitoUser = await Auth.currentAuthenticatedUser();
  const currentSession = await Auth.currentSession();
  cognitoUser.refreshSession(currentSession.refreshToken, (err, session) => {
    console.log('session', err, session);
    const { idToken, refreshToken, accessToken } = session;
    // do whatever you want to do now :)
  });
} catch (e) {
  console.log('Unable to refresh Token', e);
}

score 0 · Answer 3 · edited May 25 '18 at 20:19

0

Like it's said here:

https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html

The access token and ID token are good for 1 hour. With Amplify you can get the info about the session using currentSession or currentUserInfo in Auth class to be able to retrieve information about tokens.

edited May 25 '18 at 20:19

Grant Miller

27,532
16
147
165

answered May 25 '18 at 19:12

Yassou

43
7

score 0 · Answer 4 · edited Aug 23 '21 at 21:49

0

Undocumented, but you can use the refreshSession method on the User. Your next call to currentAuthenticatedUser and currentSession will have updated profile attributes (and groups)

User = Auth.currentAuthenticatedUser()
Session =  Auth.currentSession()

User.refreshSession(Session.refreshToken)

edited Aug 23 '21 at 21:49

tofarr

7,682
5
22
30

answered Oct 10 '18 at 17:31

Nouman

410
1
8
15

2

Do you know which version of Amplify has this? In the version I'm using I get `User.refreshSession is not a function` – Dan Herman Oct 11 '18 at 13:47

score 0 · Answer 5 · answered Jan 10 '23 at 19:08

@andreialecu wrote the correct answer. For full code to get the JWT:

static async amplifyRefresh() {
    try {
      const currentUser = await Auth.currentAuthenticatedUser({ bypassCache: true })      
      const currentSession = await Auth.currentSession()      
      const jwt = currentSession.getIdToken().getJwtToken()
      // do what you want
    } catch (error) {
      console.log("error refreshing token: ", error)
      throw error
    }
  }

How can I force a cognito token refresh from the client

5 Answers5

Linked