1. 首頁
  2. 問答
  3. Cognito用戶池:如何刷新訪問令牌Android

Cognito用戶池:如何刷新訪問令牌Android

2016-08-23 44 views
1

如何使用Cognito for Android刷新訪問令牌?該文檔建議如下(https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk.html):Cognito用戶池:如何刷新訪問令牌Android

// Implement authentication handler 
AuthenticationHandler handler = new AuthenticationHandler { 
    @Override 
    public void onSuccess(CognitoUserSession userSession) { 
     // Authentication was successful, the "userSession" will have the current valid tokens 
     // Time to do awesome stuff 
    } 

    @Override 
    public void getAuthenticationDetails(final AuthenticationContinuation continuation, final String userID) { 
     // User authentication details, userId and password are required to continue. 
     // Use the "continuation" object to pass the user authentication details 

     // After the user authentication details are available, wrap them in an AuthenticationDetails class 
     // Along with userId and password, parameters for user pools for Lambda can be passed here 
     // The validation parameters "validationParameters" are passed in as a Map<String, String> 
     AuthenticationDetails authDetails = new AuthenticationDetails(userId, password, validationParameters); 

     // Now allow the authentication to continue 
     continuation.setAuthenticationDetails(authDetails); 
     continuation.continueTask(); 
    } 

    @Override 
    public void getMFACode(final MultiFactorAuthenticationContinuation continuation) { 
     // Multi-factor authentication is required to authenticate 
     // A code was sent to the user, use the code to continue with the authentication 


     // Find where the code was sent to 
     String codeSentHere = continuation.getParameter()[0]; 

     // When the verification code is available, continue to authenticate 
     continuation.setMfaCode(code); 
     continuation.continueTask(); 
    } 

    @Override 
    public void authenticationChallenge(final ChallengeContinuation continuation) { 
     // A custom challenge has to be solved to authenticate 

     // Set the challenge responses 

     // Call continueTask() method to respond to the challenge and continue with authentication. 
    } 

    @Override 
    public void onFailure(final Exception exception) { 
     // Authentication failed, probe exception for the cause 

    } 
}; 
user.getSession(handler);

這是爲什麼這是行不通的。我獲取Session的用戶對象在令牌過期時不再進行身份驗證。因此,通過下面的檢索緩存的用戶,將返回null

CognitoUser user = userPool.getCurrentUser();

由於上述返回NULL,我試圖通過ID來獲得用戶對象

​​

這完美的作品,但用戶不驗證並因爲用戶ID是空

@Override 
public void getAuthenticationDetails(final AuthenticationContinuation continuation, final String userID)

只有當我嘗試此調用令牌到期之前做這項工作在以下回調階段會失敗,並且可以接收一個新的訪問令牌。但是在令牌過期後如何做到這一點?任何幫助,將不勝感激。提前致謝

來源

2016-08-23 portfoliobuilder

回答

5

當您調用getSession(...) - 獲取標記 - 並且緩存的標記已過期時,SDK將自動刷新標記(只要刷新標記未過期)。如果刷新令牌已過期,則會調用getAuthenticationDetails(...),因爲現在需要用戶憑證(用戶名,密碼等)才能獲取新的令牌。不管你如何獲得用戶對象,即通過getCurrentUser()或getUser(...)方法,只要存在有效的緩存標記或者如果可以刷新標記,就可以通過getSession()獲得有效標記。 ..)。

使用最新的SDK(版本2.3.1)重試。

來源

2016-09-14 00:10:08

+0

2.3.1這是工作 – portfoliobuilder

+0

「SDK將自動刷新標記」 - 刷新標記更新以及?因此,如果應用程序完全未使用一段時間(默認30天,我認爲刷新令牌過期),它將過期。或者自認證以來有限制(例如,首次登錄後30天,比您再次需要憑證)? –

相關問題

 相關問題