I am having trouble understanding how refresh tokens work in Amazon Cognito. I understand that on successful authentication, Cognito returns ID, access, and refresh tokens. The ID and access tokens are valid for an hour, after which Cognito JS SDK uses refresh token to request new Id and access tokens.
My question is, on refresh, does Cognito re-authenticates the user using the underline authentication provider or simply returns new access tokens?
e.g. If I am using Facebook as authentication provider, then on refresh, will Cognito ask the user to login via Facebook again? If not, is there a way to force re-authentication every few hour?
The refresh token flow does not perform a new authentication (user email and password), it just issues a new Id and access token. I don't believe there is a way to enforce a re-authentication via the refresh token flow. You can avoid the refresh token flow and just perform the authentication once the access token or application session expires.