Question
When I signed in using Google from the AWS Cognito login page, it returned an AWS access token. Is it possible to retrieve the Google access token and refresh token using the AWS token? The URL used to log in: https://example.auth.ap-southeast-1.amazoncognito.com//login?redirect_uri=redirect_uri&response_type=token&client_id=client_id.
How does AWS Cognito handle the refresh token when signed in using Google?
Answer 1:
In short, no.
When you use the above URL to sign in using the Cognito user pool's OAuth endpoints, the response from Google (i.e. the tokens) is sent to the OAuth response endpoint for your user pool's domain (https://example.auth.ap-southeast-1.amazoncognito.com/oauth2/idpresponse). Cognito checks the response from Google, generates ID, access and refresh tokens, and returns these to you depending on the scope and auth flows used. The response from Google, i.e. the Google tokens, is not stored anywhere, and there are no Cognito API calls to retrieve it.
As for token refresh when signed in using Google, that depends on your refresh token (returned by Cognito, and not Google's refresh token). As long as the refresh token returned from Cognito is valid, you can use it to get new id/access tokens. Again, this process does not involve Google at all.
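The refresh described in this answer, as an added example (not code from the original answer or from AWS): it builds the call to the user pool's `/oauth2/token` endpoint with `grant_type=refresh_token`, and reads a token's `iss` claim to confirm it was minted by Cognito rather than Google. The client id, client secret and token values are placeholders, and it assumes you hold a Cognito refresh token, which the `response_type=token` (implicit) flow in the question does not return; the authorization code flow does.

```python
import base64
import json
import urllib.parse
import urllib.request

# Domain taken from the question; client id/secret and token values are placeholders.
COGNITO_DOMAIN = "https://example.auth.ap-southeast-1.amazoncognito.com"


def build_refresh_request(refresh_token, client_id, client_secret=None):
    """Build the POST that trades a Cognito refresh token for new id/access tokens."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is not None:
        # App clients that have a secret authenticate with HTTP Basic.
        basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {basic}"
    return urllib.request.Request(
        f"{COGNITO_DOMAIN}/oauth2/token", data=body, headers=headers, method="POST"
    )


def refresh_tokens(refresh_token, client_id, client_secret=None):
    """Send the request to Cognito (never to Google) and return the parsed JSON reply."""
    req = build_refresh_request(refresh_token, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def token_issuer(jwt):
    """Read the unverified 'iss' claim, only to see which service minted a token."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]


def is_cognito_issued(jwt):
    """True when the issuer is a Cognito user pool rather than accounts.google.com."""
    host = urllib.parse.urlparse(token_issuer(jwt)).hostname or ""
    return host.startswith("cognito-idp.") and host.endswith(".amazonaws.com")
```

`token_issuer` does not verify the signature, so use it for inspection only; validate tokens against the user pool's JWKS before trusting any claim.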
Answer 2:
Not a fully working solution, but you can create custom attributes in Cognito, and map them in the attribute mapping screen:
Then when the user logged in, I saw that access_token and expired_in are captured. But I do not see refresh_token. Without refresh_token we won't be able to access the API from the backend. This seems so close, alas!
Source: https://stackoverflow.com/questions/47989259/aws-cognito-is-it-possible-to-get-google-access-token-and-refresh-using-aws-ac