0

My React app uses AWS Cognito to create users in a User Pool, but currently, after successful authorization, the session has an endless lifetime. Now I need to implement session checking via the Cognito refresh token.

On the server side (Nest.js) I'm using 'amazon-cognito-identity-js'. Once a user is created successfully, they perform the sign-in flow via email/password and MFA code. The Cognito service returns accessToken, refreshToken and idToken, but I have no idea how to handle them on the client side. What should the React app do to check if the token is valid and keep the session alive? Please advise!

John Rotenstein

1 Answer

0

I know you said you've implemented the user creation/sign in already. However, honestly the best solution is to install the Amplify UI package and let it do all of this. They've spent years dealing with edge cases and ensuring the code is solid and secure. Just install the Amplify UI library, configure Amplify for your Cognito user pool, then wrap all components that require a user to be logged in with either the Authenticator component directly or the withAuthenticator higher-order component.

This will give you the user creation and sign in flow (including MFA creation with QR code), and ALSO handle populating the user object and storing/refreshing the accessToken as needed. Sample code here.

Nick K9
  • Thank you Nick! Yes, I know about Amplify UI and it looks really easier to implement refreshToken, but with this approach I have to get rid of the server implementation. This is a long way :( – Vyacheslav Fedorin Jun 23 '23 at 12:04
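
As an added example (not part of the original question, answer or comment, and not Amplify's code): a client-side check of the access token's `exp` claim that decides when to ask the server for new tokens, for the case where the Nest.js server implementation is kept. All function names are hypothetical, and `refreshFn` is assumed to call a server route that exchanges the refresh token with Cognito.

```javascript
// Added example. Decoding a JWT on the client only reads its claims; it does
// NOT verify the signature. The server must still verify every token it receives.

// Return the payload (second segment) of a JWT as an object, or null if malformed.
function decodeJwtPayload(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    const payload = JSON.parse(atob(padded)); // atob: browsers and Node 16+
    return payload !== null && typeof payload === 'object' ? payload : null;
  } catch {
    return null;
  }
}

// Seconds left before the `exp` claim; 0 for expired or malformed tokens.
function secondsUntilExpiry(token, nowMs = Date.now()) {
  const payload = decodeJwtPayload(token);
  if (!payload || typeof payload.exp !== 'number') return 0;
  return Math.max(0, payload.exp - Math.floor(nowMs / 1000));
}

// Return a usable session, refreshing it shortly before the access token expires.
// `refreshFn` is hypothetical: it calls your own server route, which exchanges
// the refresh token with Cognito and resolves to { accessToken, idToken }.
// Resolves to null when the user has to sign in again.
async function ensureFreshSession(session, refreshFn, nowMs = Date.now(), skewSec = 60) {
  if (secondsUntilExpiry(session.accessToken, nowMs) > skewSec) return session;
  try {
    const next = await refreshFn();
    return secondsUntilExpiry(next.accessToken, nowMs) > 0 ? next : null;
  } catch {
    return null; // refresh token expired or revoked
  }
}

// Constructed sample token (unsigned, for demonstration only).
function makeSampleToken(expSec) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ exp: expSec })}.constructed`;
}
```

Call `ensureFreshSession` before each API request or from a timer; a `null` result means the React app should clear its state and route the user back to sign-in.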