396147 (1)
Regarding: WARNING The AWS credentials returned by Amazon Cognito are temporary and expire after some time. You need to manage credential rotation—for example using the JavaScript setInterval() method to periodically call Amazon Cognito to refresh the credentials.

Is the setInterval() considered best practice for refreshing a user's token? Or would there be a separate workflow for attempting to make a request to the API with an expired token (and failing/401 because of the expired token), getting a new token, then re-requesting on the API with a now-valid token? Usually this would be accomplished with a refresh token. Wouldn't you have to store the login/password somewhere on the client?
Danilo Poccia (11)
You are right, refreshing the credentials requires you to have a valid token from the authentication provider (for example Facebook, Twitter, the Sample Authentication Service in the book, or the new Cognito User Pools).

Depending on the provider, you should eventually refresh the token and use the new one when requesting credentials from Amazon Cognito.

Most of the providers have their own client-side library that is managing a local cache (for example, using JavaScript localStorage). You can leverage that before refreshing credentials.

In the case of Amazon Cognito, AWS released a JavaScript module to make it easier to manage User Pools on the client:
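
Added example, not part of the thread and not the AWS module referred to above: one way to combine the two approaches discussed, refreshing shortly before the known expiry and retrying once when a call fails with 401. `CredentialManager`, `getProviderToken`, `fetchCredentials`, and the `expireTime` and `status` fields are hypothetical names; the two callbacks stand in for the provider SDK and the Cognito credentials request.

```javascript
// Added example. All names are hypothetical; the two callbacks stand in for
// the provider SDK (token cache/refresh) and the Cognito credentials request.
class CredentialManager {
  constructor({ getProviderToken, fetchCredentials, skewMs = 60000, now = Date.now }) {
    Object.assign(this, { getProviderToken, fetchCredentials, skewMs, now });
    this.creds = null;    // assumed shape: { ..., expireTime: <ms since epoch> }
    this.inflight = null; // shared promise so concurrent callers refresh once
  }

  // True while the cached credentials are not within skewMs of expiring.
  isFresh() {
    return this.creds !== null && this.creds.expireTime - this.skewMs > this.now();
  }

  // Return cached credentials, refreshing first when stale or when forced.
  get(force = false) {
    if (!force && this.isFresh()) return Promise.resolve(this.creds);
    if (!this.inflight) {
      this.inflight = (async () => {
        // Only the provider token is exchanged; no password is held here.
        const token = await this.getProviderToken();
        this.creds = await this.fetchCredentials(token);
        return this.creds;
      })().finally(() => { this.inflight = null; });
    }
    return this.inflight;
  }

  // Run request(creds); on an expiry failure refresh once and retry once.
  async call(request) {
    try {
      return await request(await this.get());
    } catch (err) {
      if (!isExpiredError(err)) throw err;
      return request(await this.get(true));
    }
  }
}

// Assumption: the API client reports an expired credential as status 401.
function isExpiredError(err) {
  return Boolean(err) && err.status === 401;
}
```

Credentials stay in memory only, and a 401 that persists after the single retry is surfaced to the caller rather than retried again.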