-
-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for refresh tokens #25
Comments
Apologies, somehow I missed this issue when you opened it. I'm not certain whether Cognito uses refresh tokens with OpenID federation, so some investigation may be required. I don't believe it's mentioned in the documentation for the flow - Cognito generates its own refresh tokens (which are mentioned), but it's not clear whether refresh tokens are used with OIDC federation. However, there are no technical challenges that I am currently aware of, and a PR to add this would be most welcome! |
Now that I think about this, one issue may be that GitHub doesn't issue refresh tokens (as far as I remember). If this is the case, the feature would still be useful if people are using this wrapper for other OAuth services - I've thought about making that part more general. |
@ispyinternet Did you get anywhere with this? |
Haven’t had a chance to look yet |
Further to this, it looks like github now supports refresh tokens, but only through their beta program (at the moment). I'm not sure if you'd want to rely on this in production, since "features in the public beta are subject to change": Anyway, it would be possible to extend the github connector to request and return refresh tokens, but I'm still unclear on whether Cognito would use them. |
@TimothyJones The Link you last shared has provision to call for new access token using the refresh token. But, the link is for github apps and not Oauth app. Also I am not sure if i receive any refresh token from the github's side. |
Nice work! Whats the challenge with implementing the refresh token? I'm assuming Github provides this and its just a need to intercept the request and proxy? If there are no technical challenges you are aware of I will have a stab!?
The text was updated successfully, but these errors were encountered: