With our team, we are thinking about how to implement the refresh token rotation and reuse detection strategies in our authentication layer.
We want to use cognito for user authentication but we are dealing with how to apply those strategies to cognito.
One question we have is: Can we access to the cognito tokens database? I mean, if there is a way to connect to that database where cognito store the tokens (access, refresh and id tokens) and modify them.
Another possible solution is to use Auth0 solution to authenticate our users and use those strategies (rotation and reuse detection) but we are planning to have a lot of users (+100.000) and the cost could be a problem.
What solution/framework/service would you recommend us to use it as a user authentication service similar to cognito?
Thanks in advance.
We tried Cognito but I saw that there is no way to use refresh token rotation and reuse detection strategies.
Of course we can do this "in house" but we want to use a 3rd party solution that is really tested.