How to use Amazon Cognito Logout endpoint?

I am using AWS Cognito in my application.

While doing logout I am calling the Logout Endpoint.

But after doing logout, I am still able to generate the id-tokens using the old refresh token.

It means my logout endpoint is not working any more. I am saving the tokens in my local storage, and while doing the logout I am clearing the store manually.

My Question is: How to properly use the logout mechanism of AWS Cognito?

Egocentric answered 10/7, 2018 at 5:42 Comment(2)
Have you found any solution to your problem? - Earpiece
Well, at the end what I found is that idtoken will be valid for at least 1 hour. If we want to destroy refresh/access token then we have to use global-sign out option. Ref: docs.aws.amazon.com/cli/latest/reference/cognito-idp/… - Egocentric

I'm not sure which framework you are using, but I'm using Angular. Unfortunately there are different ways of using AWS Cognito and the documentation is not clear. Here is my implementation of the Authentication Service (using Angular):

- Note 1 - With using this sign in method - once you redirect the user to the logout url - the localhost refreshes automatically and the token gets deleted.

- Note 2 - You can also do it manually by calling: this.userPool.getCurrentUser().signOut()

import { Injectable } from '@angular/core'
import { CognitoUserPool, ICognitoUserPoolData, CognitoUser } from 'amazon-cognito-identity-js'
import { CognitoAuth } from 'amazon-cognito-auth-js'
import { Router } from '@angular/router'

const COGNITO_CONFIGS: ICognitoUserPoolData = {
  UserPoolId: '{INSERT YOUR USER POOL ID}',
  ClientId: '{INSERT YOUR CLIENT ID}',
}

@Injectable()
export class CognitoService {

  userPool: CognitoUserPool
  constructor(
    private router: Router
  ) {
    this.createAuth()
  }

  createAuth(): void {
    // Configuration for Auth instance.
    const  authData = {
      UserPoolId: COGNITO_CONFIGS.UserPoolId,
      ClientId: COGNITO_CONFIGS.ClientId,
      RedirectUriSignIn : '{INSERT YOUR COGNITO REDIRECT URI}',
      RedirectUriSignOut : '{INSERT YOUR COGNITO SIGNOUT URI}',
      AppWebDomain : '{INSERT YOUR AMAZON COGNITO DOMAIN}',
      TokenScopesArray: ['email']
    }

    const  auth: CognitoAuth = new CognitoAuth(authData)
    // Callbacks, you must declare, but can be empty.
    auth.userhandler = {
      onSuccess: function(result) {
      },
      onFailure: function(err) {
      }
    }

    // Provide the url and parseCognitoWebResponse handles parsing it for us.
    const curUrl = window.location.href
    auth.parseCognitoWebResponse(curUrl)
  }

  /**
   * Checks if the user is authenticated - used by the Guard.
   */
  authenticated(): CognitoUser | null {
    this.userPool = new CognitoUserPool(COGNITO_CONFIGS)
    // behind the scene getCurrentUser looks for the user on the local storage.
    return this.userPool.getCurrentUser()
  }

  logout(): void {
    this.router.navigate(['/logout'])
  }

}
Sesquicarbonate answered 30/8, 2019 at 16:50 Comment(0)

Angular App AWS Cognito Logout

Where you can use the Cognito Domain or your custom domain.

Cognito Domain https://myCognito.auth.REGION.amazoncognito.com/logout...

My Custom Cognito Domain https://mycustomdomain.auth/logout...

<a href="https://mycustomdomain.auth/logout?client_id=myclientid&logout_uri=https%3A%2F%2Fwww.mycustomdomain.com%2Fmylogout">link text</a>
Roadway answered 22/6, 2024 at 21:33 Comment(0)

You most likely have added some form of implementation using Cognito / identity admin SDK endpoints. Make an API endpoint, pass the username in manually, then invalidate the login session via the identity admin SDK.

https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminUserGlobalSignOutCommand/

Then clear the local storage in the browser as you are.

Lignify answered 24/6, 2024 at 0:5 Comment(0)
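
An added example (not code from any of the posts above) of a client-side logout that follows the conclusion in the question's comments: call GlobalSignOut with the user's access token so the refresh token stops working, clear the locally stored tokens, then redirect to the /logout URL. The region, domain, client id, redirect URI and storage key names are placeholders, and `fetchImpl` is injected so the flow can be exercised without network access.

```javascript
// Added example, not code from the answers above. Region, domain, client id,
// redirect URI and the localStorage key names are placeholders (assumptions).
const CONFIG = {
  region: 'us-east-1',
  domain: 'https://example.auth.us-east-1.amazoncognito.com',
  clientId: 'myclientid',
  logoutUri: 'https://www.example.com/mylogout',
};
const TOKEN_KEYS = ['accessToken', 'idToken', 'refreshToken']; // hypothetical key names

// /logout ends the hosted sign-in session; as the question observes, a refresh
// token issued earlier keeps working afterwards.
function buildLogoutUrl(cfg) {
  const q = new URLSearchParams({ client_id: cfg.clientId, logout_uri: cfg.logoutUri });
  return `${cfg.domain}/logout?${q}`;
}

// GlobalSignOut is authorized by the user's own access token, so the browser
// can call it without AWS credentials.
function buildGlobalSignOutRequest(cfg, accessToken) {
  return {
    url: `https://cognito-idp.${cfg.region}.amazonaws.com/`,
    init: {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-amz-json-1.1',
        'X-Amz-Target': 'AWSCognitoIdentityProviderService.GlobalSignOut',
      },
      body: JSON.stringify({ AccessToken: accessToken }),
    },
  };
}

// Revoke server-side first, then always clear local copies, then hand back
// the /logout URL for the caller to navigate to.
async function logout(cfg, storage, fetchImpl) {
  const accessToken = storage.getItem(TOKEN_KEYS[0]);
  let revoked = false;
  if (accessToken) {
    try {
      const { url, init } = buildGlobalSignOutRequest(cfg, accessToken);
      revoked = (await fetchImpl(url, init)).ok === true;
    } catch (err) {
      revoked = false; // network error: report it, but still clear local state
    }
  }
  for (const key of TOKEN_KEYS) storage.removeItem(key);
  return { revoked, redirectTo: buildLogoutUrl(cfg) };
}
```

In the browser, call `logout(CONFIG, window.localStorage, window.fetch.bind(window))` and navigate to `redirectTo`. If `revoked` comes back false (for example because the access token has already expired), the server-side AdminUserGlobalSignOut call from the answer above is the fallback.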
