Cognito user pool: How to use refreshToken to get new accessToken after accessToken gets expired in aws cognito java sdk?


I am using AWS Cognito in a Scala Play Framework based web app as the user management solution. I am using the following code to log in.

import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider
import com.amazonaws.services.cognitoidp.model.{AdminInitiateAuthRequest, AdminInitiateAuthResult, AuthFlowType}

// getAmazonCognitoIdentityClient builds the SDK client (defined elsewhere in the app)
var mIdentityProvider: AWSCognitoIdentityProvider = getAmazonCognitoIdentityClient

def sessionLogin(userName: String, password: String): AdminInitiateAuthResult = {
    val authParams: java.util.Map[String, String] = new java.util.HashMap[String, String]()
    authParams.put("USERNAME", userName)
    authParams.put("PASSWORD", password)
    val authRequest = new AdminInitiateAuthRequest()
      .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH)
      .withUserPoolId("***")
      .withClientId("***")
      .withAuthParameters(authParams)
    val authResult = mIdentityProvider.adminInitiateAuth(authRequest)
    authResult
}

The above code returns accessToken, expiresIn, tokenType, refreshToken and idToken from the AWS Cognito server. As per the AWS documentation, we can use the refreshToken to get a new accessToken or idToken when the accessToken expires, in order to continue the user session. But the documentation does not mention how to use the refreshToken for this purpose. Any help regarding this would be appreciated. Thanks in advance.


There are 2 answers

Shashi Shekhar On BEST ANSWER

I figured it out myself. The following is working code:

import com.amazonaws.services.cognitoidp.model.{AdminInitiateAuthRequest, AuthFlowType, AuthenticationResultType}

// mIdentityProvider is the AWSCognitoIdentityProvider client created in the question
def refreshAccessToken(refreshToken: String): AuthenticationResultType = {
    val authParams: java.util.Map[String, String] = new java.util.HashMap[String, String]()
    authParams.put("REFRESH_TOKEN", refreshToken)
    val authRequest = new AdminInitiateAuthRequest()
      .withAuthFlow(AuthFlowType.REFRESH_TOKEN_AUTH)
      .withUserPoolId("***")
      .withClientId("***")
      .withAuthParameters(authParams)
    val authResult = mIdentityProvider.adminInitiateAuth(authRequest)
    // The refresh flow returns new access and ID tokens; the refreshToken field is not populated
    val resultType: AuthenticationResultType = authResult.getAuthenticationResult
    resultType
}
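Putting the login flow from the question and the refresh flow from this answer together, here is an added example (not code from the question or the answer) of a small session manager that only refreshes when the access token is close to expiry and tells the caller when the refresh token itself has stopped working. It uses the same AWS SDK for Java v1 classes as the page's code; `CognitoSessionManager`, `CognitoSession`, `RefreshOutcome`, `userPoolId`, `clientId` and `refreshMargin` are names chosen for this example, and the pool and client ids stand in for the values redacted as `***` above.

```scala
import java.time.{Duration, Instant}
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider
import com.amazonaws.services.cognitoidp.model.{
  AdminInitiateAuthRequest, AuthFlowType, AuthenticationResultType, NotAuthorizedException
}

// Tokens held server-side for one user session. The refresh token is stored
// separately because REFRESH_TOKEN_AUTH returns a result without a new refresh
// token: the one issued at login stays in use until it expires or is revoked.
final case class CognitoSession(accessToken: String,
                                idToken: String,
                                refreshToken: String,
                                expiresAt: Instant)

// Outcome of a refresh attempt: either new tokens, or a signal that the refresh
// token is no longer accepted and the user has to sign in again.
sealed trait RefreshOutcome
final case class Refreshed(session: CognitoSession) extends RefreshOutcome
case object ReauthenticationRequired extends RefreshOutcome

// Hypothetical helper for this example; userPoolId and clientId are placeholders.
class CognitoSessionManager(provider: AWSCognitoIdentityProvider,
                            userPoolId: String,
                            clientId: String,
                            refreshMargin: Duration = Duration.ofMinutes(5)) {

  private def toSession(result: AuthenticationResultType, knownRefreshToken: String): CognitoSession =
    CognitoSession(
      accessToken = result.getAccessToken,
      idToken = result.getIdToken,
      // The refresh flow leaves this field null, so fall back to the token we already hold.
      refreshToken = Option(result.getRefreshToken).getOrElse(knownRefreshToken),
      // expiresIn is the access token lifetime in seconds, relative to now.
      expiresAt = Instant.now().plusSeconds(result.getExpiresIn.longValue()))

  // Initial login, the same ADMIN_NO_SRP_AUTH flow as the question's sessionLogin.
  def login(userName: String, password: String): CognitoSession = {
    val params = new java.util.HashMap[String, String]()
    params.put("USERNAME", userName)
    params.put("PASSWORD", password)
    val request = new AdminInitiateAuthRequest()
      .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH)
      .withUserPoolId(userPoolId)
      .withClientId(clientId)
      .withAuthParameters(params)
    val result = provider.adminInitiateAuth(request).getAuthenticationResult
    toSession(result, result.getRefreshToken)
  }

  // True when the access token expires within refreshMargin. The 5-minute default
  // mirrors the rule the AWS docs describe for the mobile SDKs.
  def needsRefresh(session: CognitoSession, now: Instant = Instant.now()): Boolean =
    !now.plus(refreshMargin).isBefore(session.expiresAt)

  // Exchange the stored refresh token for fresh access and ID tokens.
  def refresh(session: CognitoSession): RefreshOutcome = {
    val params = new java.util.HashMap[String, String]()
    params.put("REFRESH_TOKEN", session.refreshToken)
    val request = new AdminInitiateAuthRequest()
      .withAuthFlow(AuthFlowType.REFRESH_TOKEN_AUTH)
      .withUserPoolId(userPoolId)
      .withClientId(clientId)
      .withAuthParameters(params)
    try {
      val result = provider.adminInitiateAuth(request).getAuthenticationResult
      Refreshed(toSession(result, session.refreshToken))
    } catch {
      // Raised when the refresh token is expired or revoked. Do not retry in a
      // loop; send the user back through the login flow instead.
      case _: NotAuthorizedException => ReauthenticationRequired
    }
  }

  // Returns a session whose access token is valid for at least refreshMargin,
  // calling Cognito only when a refresh is actually needed.
  def ensureFresh(session: CognitoSession): RefreshOutcome =
    if (needsRefresh(session)) refresh(session) else Refreshed(session)
}
```

Call `ensureFresh` before each request that presents the access token and handle `ReauthenticationRequired` by redirecting to login rather than retrying. If the app client was created with a client secret, both flows additionally need a `SECRET_HASH` auth parameter (an HMAC-SHA256 of username and client id keyed with the secret), which the page's code omits because its client has no secret.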
MyStackRunnethOver On

Glad you found an answer to your question. To help make this more of a resource for others in the future, here are some helpful links:

The AWS docs on token refresh

The Mobile SDK for iOS and the Mobile SDK for Android automatically refresh your ID and access tokens if there is a valid (non-expired) refresh token present, and the ID and access tokens have a minimum remaining validity of 5 minutes. If the refresh token is expired, your app user must reauthenticate by signing in again to your user pool.

Note also that the Amplify API includes logic to help with this. See this Git issue, and specifically this comment which deals with keeping tokens fresh even during long-running operations:

I ran into a situation where my Cognito JWT token was expiring on long-running S3 uploads (fails at the 1 hour mark). I couldn't find anything that gave a solution as to how you refresh the token in the middle of a request, so after hours of digging through the Amplify lib and AWS SDK, I finally figured out a solution. You do have to use the AWS SDK directly (sorry Amplify Storage)