tokenExpiration question about cognito-express HOT 7 CLOSED

Oh that I can answer, since it relates to this package and not AWS Cognito. The default expiration time is 1 hour, as set by AWS Cognito. BUT should you want to have a shorter expiration time, say 5 minutes, you can set your own token expiration in CognitoExpress config.

from cognito-express.

Thank you

from cognito-express.

Yes, once the token expires, you get this error:

{
    "name": "TokenExpiredError",
    "message": "jwt expired",
    "expiredAt": "2017-07-05T16:41:59.000Z"
}

from cognito-express.

Thank you for the quick response, how is the expiration determined?

is it based on the actual "exp" value in the token? or is it based on the tokenExpiration value + the "auth_time" value in the token?

from cognito-express.

Bit rusty on the exact mechanics but I could point you to the official documentation on this to avoid giving false/outdated info: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token

from cognito-express.

thanks, Cognito validates based on the exp value in the access token.

just wondering why "tokenExpiration" is something that gets set in the cognitoExpress Config, I guess I can dig into the code to find out for sure.

from cognito-express.

hey @ghdna thanks for building the library. I was hoping to read more on the part where we use the url .well-known/jwks.json to fetch some response and the data in the response lays the foundation for unpacking/decoding the jwt, this doesn't seem like standard public key cryptography, can you share some resources on the strategy used ?

from cognito-express.