amplify-js: missing credentials in config (can't refresh login token)

Hi, As you may know, after an hour the login token will expire. So, after an hour (when AWS.config.credentials.needsRefresh() is true) I’m trying to refresh the cognito user’s session, which does work for the first hour I’m calling it, but after 2 hours I’m receiving an error, although the exact same routine, as 1 hour before (when it successfully refreshed) takes place. Can the login token be refreshed only once?

This is my code:

if(AWS.config.credentials.needsRefresh()) {
  clearInterval(messwerte_updaten);
  AWS.config.credentials.refresh(function (err) {
    if (err) {
      console.log(err);
    }
    else {
      callLambda();
    }
  });
}

The error i’m receiving is:

missing credentials in config
could not load credentials from constructor
Invalid login token. Token expired: 1446742058 >= 1446727732

I’m stuck at this problem for 5 days now, tried everything from Stackoverflow, AWS Docs and GitHub but nothing works for me…so helpful answers are highly appreciated. thanks in advance.

About this issue

Original URL
State: closed
Created 6 years ago
Comments: 17 (6 by maintainers)

Most upvoted comments

After almost 2 weeks i finally solved it.

The problem was that i didn’t update the AWS.config.credentials Object with the new Id Token.

In case someones reading this and is having similar issues, do the following:

You need the refresh token to receive a new id token. Now, update the AWS.config.credentials object with the new token.

here is an example of my code, which runs smoothly!

refresh_token = session.getRefreshToken();   // you'll get session from calling cognitoUser.getSession()
if (AWS.config.credentials.needsRefresh()) {
  cognitoUser.refreshSession(refresh_token, (err, session) => {
    if(err) {
      console.log(err);
    } 
    else {
      AWS.config.credentials.params.Logins['cognito-idp.<YOUR-REGION>.amazonaws.com/<YOUR_USER_POOL_ID>']  = session.getIdToken().getJwtToken();
      AWS.config.credentials.refresh((err)=> {
        if(err)  {
          console.log(err);
        }
        else{
          console.log("TOKEN SUCCESSFULLY UPDATED");
        }
      });
    }
  });
}

Since, there are more people facing this issue, I’d be really happy if this gets added into the AWS Amplify documentation!

+14

david114 on Mar 22, 2018

@david114 thank you so much for resolving and posting here. We struggled for months with this with AWS in 2017. Our solution finally was to place a fix in the aws-sdk code to ensure the correct tokens were passed for huge multipart uploads. Integrated this fix into our code base over the weekend, works a charm!

paolavness on Nov 27, 2018

@david114 thanx a ton for going through this so I don’t have to.

Note to AWS team:

Logins is not part of the params type.

Birowsky on Sep 30, 2018

Hi @tipsfedora, glad it worked and thank you so much for posting your solution. Hi @mlabieniec, can you work on putting this solution into Amplify doc in a suitable way? Thanks a lot!!

yuntuowang on Mar 22, 2018

Hi @tipsfedora, login tokens can be refreshed many times as long as refreshToken is valid. Can you double check when you call “cognitoUser.refreshSession(cognitoUser.signInUserSession.refreshToken, (err, session)”, is the refreshToken here not missing?

yuntuowang on Mar 7, 2018

Gonna try it out tomorrow at work, will report the outcome here. Thanks so far.

david114 on Mar 5, 2018

Hi @tipsfedora

Amplify can handle credentials for you (this would be the recommended way), looks like you are currently using the aws-sdk directly.

In that case, you could try with the getPromise() method of the credentials (no need to create a new instance of AWS.CognitoIdentityCredentials).

await AWS.config.credentials.getPromise();

call_Lambda();

manueliglesias on Mar 5, 2018