Krzysztof Nowak - 1 month ago
Javascript Question

Is it possible to revoke AWS Cognito IdToken?

Is it possible to revoke the AWS Cognito IdToken obtained after user authentication with its username and password?

In my use case, access to API Gateway endpoints is restricted by a Cognito User Pool Authorizer, which takes the IdToken as an argument in request.headers.Authorizer. I am looking for a way to block the current user's IdToken.

In AWSJavaScriptSDK there is a function globalSignOut({AccessToken}) which revokes the accessToken:
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#globalSignOut-property

Is it possible to revoke the IdToken in the same or a similar way?

For those interested: I've created an issue on aws-sdk-js:
https://github.com/aws/aws-sdk-js/issues/1687

Answer

As @AllanFly120 wrote in the mentioned topic:

Because the IdToken is represented as a JSON Web Key Token, it's signed with a secret or a private/public key pair, which means that even if you revoke the IdToken, there is no way to revoke the distributed public key. And the IdToken has a short life span; it will expire in a short time.

It resolved my doubts.