我在应用程序中使用AWS Cognito。
注销时,我正在呼叫Logout Endpoint。
但是在注销后,我仍然能够使用旧的刷新令牌来生成id令牌。
这意味着我的注销端点不再起作用。我将令牌保存在本地存储中,在注销时,我正在手动清除存储。
我的问题是:如何正确使用AWS的注销机制 认知吗?
答案 0 :(得分:0)
我不确定您使用的是哪个框架,但是我正在使用Angular。不幸的是,使用AWS Cognito的方式多种多样,文档尚不清楚。这是我对Authentication Service的实现(使用Angular):
-注1-使用此登录方法-将用户重定向到注销网址后-本地主机会自动刷新并删除令牌。
-注2-您也可以通过以下方法手动进行操作:this.userPool.getCurrentUser()。signOut()
import { Injectable } from '@angular/core'
import { CognitoUserPool, ICognitoUserPoolData, CognitoUser } from 'amazon-cognito-identity-js'
import { CognitoAuth } from 'amazon-cognito-auth-js'
import { Router } from '@angular/router'
const COGNITO_CONFIGS: ICognitoUserPoolData = {
UserPoolId: '{INSERT YOUR USER POOL ID}',
ClientId: '{INSERT YOUR CLIENT ID}',
}
@Injectable()
export class CognitoService {
userPool: CognitoUserPool
constructor(
private router: Router
) {
this.createAuth()
}
createAuth(): void {
// Configuration for Auth instance.
const authData = {
UserPoolId: COGNITO_CONFIGS.UserPoolId,
ClientId: COGNITO_CONFIGS.ClientId,
RedirectUriSignIn : '{INSERT YOUR COGNITO REDIRECT URI}',
RedirectUriSignOut : '{INSERT YOUR COGNITO SIGNOUT URI}',
AppWebDomain : '{INSERT YOUR AMAZON COGNITO DOMAIN}',
TokenScopesArray: ['email']
}
const auth: CognitoAuth = new CognitoAuth(authData)
// Callbacks, you must declare, but can be empty.
auth.userhandler = {
onSuccess: function(result) {
},
onFailure: function(err) {
}
}
// Provide the url and parseCognitoWebResponse handles parsing it for us.
const curUrl = window.location.href
auth.parseCognitoWebResponse(curUrl)
}
/**
* Check's if the user is authenticated - used by the Guard.
*/
authenticated(): CognitoUser | null {
this.userPool = new CognitoUserPool(COGNITO_CONFIGS)
// behind the scene getCurrentUser looks for the user on the local storage.
return this.userPool.getCurrentUser()
}
logout(): void {
this.router.navigate(['/logout'])
}
}