3

I'm learning AWS Cognito and I'm using the js sdk.

Question: How can I verify if a user is authenticated and valid?

The online documentation explains how to validate a user's token:

```javascript
if (cognitoUser != null) {
    cognitoUser.getSession(function(err, session) {
        if (err) {
            alert(err);
            return;
        }
        // isValid() only looks at the locally stored tokens
        console.log('session validity: ' + session.isValid());
    });
}
```

The problem here is that the session is valid, even though the user has been deactivated or deleted by an administrator. The above example is only using the local JWT token to validate the session. I want to know if the session is valid and the user has not been disabled/deleted.

How can that be achieved?

Vingtoft

1 Answer

0

First you need to use cognitoUser.authenticateUser, then you can use cognitoUser.getSession and pass the token to the backend. Refer to this code: https://github.com/tensult/ngx-s3-upload/blob/master/src/app/auth/service.ts#L69

Dilip Kola
  • Can you please be more specific, where in the linked code file is the solution to my problem? Is it line 204? Thanks! – Vingtoft Jun 12 '18 at 08:30
  • Sorry, my bad, it is line 69 (I have updated the link in the answer also). It may not be the direct answer, but you can refer to this as it is using Cognito authentication and it is powering our website https://apps.tensult.com/#/signin – Dilip Kola Jun 12 '18 at 08:53
  • 1
    For `authenticateUser` we need username & password. When the user is opening the app next time, we won't have access to these credentials. At that time, how to check if the user is authenticated even if the session is valid? – Yusuf Aug 12 '21 at 04:32
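
The gap described in the question, as an added example that is not part of the original posts: a local expiry check of the kind the question describes still passes for a disabled user, while a check that goes to the user pool does not. The tokens are constructed and unsigned, `fakeGetUser` is a hypothetical stand-in for a network call to Cognito's GetUser API, and the error names it is mapped on (`NotAuthorizedException`, `UserNotFoundException`) are the assumed responses for a disabled or deleted user.

```javascript
// Added example: tokens are constructed and unsigned; fakeGetUser is a
// hypothetical stand-in for the network call to Cognito's GetUser API.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function makeToken(claims) {
  return b64url({ alg: 'none' }) + '.' + b64url(claims) + '.';
}
function decodeClaims(token) {
  const part = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(part, 'base64').toString('utf8'));
}

// Local check: reads only the exp claim, so admin actions are invisible to it.
function isLocallyValid(token, nowSeconds) {
  const exp = decodeClaims(token).exp;
  return typeof exp === 'number' && nowSeconds < exp;
}

// Server check: ask the user pool and map the outcome to a decision.
function checkWithUserPool(token, getUser, callback) {
  getUser(token, function (err, user) {
    if (!err) return callback(null, { active: true, username: user.Username });
    const name = err.name || err.code;
    // Assumed outcomes for a revoked token (disabled user) or a deleted user.
    if (name === 'NotAuthorizedException' || name === 'UserNotFoundException') {
      return callback(null, { active: false, reason: name });
    }
    return callback(err); // network/throttling: state unknown, caller decides
  });
}

// Constructed state: both tokens are unexpired, but bob was disabled afterwards.
const NOW = 1700000000;
const tokens = {
  alice: makeToken({ sub: 'alice', exp: NOW + 3600 }),
  bob: makeToken({ sub: 'bob', exp: NOW + 3600 }),
};
const disabledUsers = new Set(['bob']);
function fakeGetUser(token, cb) {
  const sub = decodeClaims(token).sub;
  if (disabledUsers.has(sub)) return cb({ name: 'NotAuthorizedException' });
  return cb(null, { Username: sub });
}

checkWithUserPool(tokens.bob, fakeGetUser, function (err, result) {
  console.log('local:', isLocallyValid(tokens.bob, NOW), 'server:', result);
});
```

A backend that receives the token must also verify its signature against the user pool's keys before trusting any claim; that step is left out here because the sample tokens are unsigned.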