1

My understanding is that upon successful login, Cognito provides my service three tokens for a user: access, ID and refresh. In order to verify a token I'm using jsonwebtoken (jwt.verify(accessToken, pem)). This is all fine; I'm able to verify a token and obtain a new access token with my refresh token if it's expired.

However, my accessToken is valid for one hour. If I want to revoke all of a user's tokens using cognitoUser.globalSignOut(), that token will pass my JWT verification using the JWT library for 60 mins, as that is all done server side.

Is there a way to send a token to AWS Cognito and ask "Hey is this Token still valid?"

Tom J

1 Answer

0

This thread might help you understand how a call to globalSignOut() affects the validity of the 3 tokens.

Is it possible to revoke AWS Cognito IdToken?

Cognito does not have an API to check the validity of the token. You will have to call one of your APIs and check if the call was successful or not.

Murali Allada
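
One way to act on this answer from a Node service, as an added example that is not part of the original thread: once jwt.verify succeeds, pass the access token to Cognito's GetUser operation, which answers NotAuthorizedException for a token revoked by globalSignOut. The `cognito` wrapper object, `makeRevocationChecker` and the cache settings are assumptions introduced here.

```javascript
// Added example, not from the original thread.
// `cognito` is an assumed thin wrapper exposing getUser({ AccessToken }) -> Promise,
// backed by Cognito's GetUser operation. Run jwt.verify() on the token first;
// this check only answers "has a valid-looking token been revoked?".
function makeRevocationChecker(cognito, { ttlMs = 60000, maxEntries = 10000, now = Date.now } = {}) {
  const cache = new Map(); // accessToken -> { active, checkedAt }

  function remember(token, active) {
    cache.delete(token); // re-insert so Map order tracks recency
    cache.set(token, { active, checkedAt: now() });
    if (cache.size > maxEntries) cache.delete(cache.keys().next().value); // drop oldest
  }

  return async function isTokenActive(accessToken) {
    const hit = cache.get(accessToken);
    // A rejected token stays rejected, so a negative result is never re-checked.
    // A positive result is trusted for ttlMs only; that is the new revocation window.
    if (hit && (!hit.active || now() - hit.checkedAt < ttlMs)) return hit.active;

    try {
      await cognito.getUser({ AccessToken: accessToken });
      remember(accessToken, true);
      return true;
    } catch (err) {
      // SDK v3 puts the error type in err.name, SDK v2 in err.code.
      if (err.name === 'NotAuthorizedException' || err.code === 'NotAuthorizedException') {
        remember(accessToken, false);
        return false;
      }
      throw err; // throttling or outage: not cached, caller should fail closed
    }
  };
}
```

GetUser only accepts access tokens that carry the aws.cognito.signin.user.admin scope, so a token without that scope is reported as inactive even if it was never revoked.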