I have a requirement to be able to specify session timeouts on a per user basis. (So that it may be a different value for each user) It seems natural to use the 'exp' property on the access token to accomplish this, (as that it's purpose in the oauth spec), but cognito seems to ignore updates to this in the preTokenGeneration trigger. Is there a way to update this on a per user basis? Or do I really need to define some custom attribute that will be checked on the Id token?
https://stackoverflow.com/questions/66810088/is-there-a-way-to-override-the-exp-property-on-access-tokens-in-amazon-cognito March 26, 2021 at 10:05AM
没有评论:
发表评论