Delete FCM Token while logout and generate new token with permission when user login - firebase-cloud-messaging

Delete FCM Token while logout and generate new token with permission when user login in angular 8.
Delete FCM token while logout and ask permission after user logged in

Related

How to use JWT Authentication with Django for logout?

I have used DRF and simple JWT for the user application and I have tried to make my logout for an application on DRF, but I know how to delete authentication token, I have the blacklist token but the token continues to serve
I want to delete the authentication token, because the refresh-token is in the blacklist token now
You need to put this setting in settings.py or locally applied at views.py like this
this setting is for if you applied globally JWT Auth
    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework_simplejwt.authentication.JWTAuthentication',
        )
    }

How to verify in AWS Cognito amplify if idToken and accessToken and refreshToken are valid?

Currently I am trying to verify if a refreshToken is still valid after revoking it using the boto3 method. Any suggestion about how to do this?
I am revoking the refresh token as follows:
    def revoke_refresh_token(refresh_token):
        import boto3
        print(f"REVOKING TOKEN -> {refresh_token}")
        client = boto3.client('cognito-idp')
        client.revoke_token(
            Token=refresh_token,
            ClientId='MY_CLIENT_ID',
        )
        print("TOKEN REVOKED")
        return "TOKEN REVOKED"
You can validate refresh tokens as you would with any other JWT token, by validating the JWT's structure, the signature and the claims. See this document for help on how to do that for Cognito tokens: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html.
When it comes to checking if tokens have been revoked, I believe that you'll just need to build your app to handle tokens being revoked and redirect the user to sign-in when this happens. I am not aware of any way you can currently validate refresh tokens, other than to perhaps attempt to generate new access/id tokens and see if you are rejected.

"Access token has been revoked " on Cognito login intermittently

I am using Amplify to sign in to Cognito from the react app.
const user = await Auth.signIn(userName, password);
Only sometimes, it will return:
"NotAuthorizedException: Access Token has been revoked
I am definitely seeing this error after the password for the user is changed and then the signIn is attempted.
Weird to get it at the time of login itself. How can I try to resolve this?

check expire date of auth token saved to redux before every fetch() in react-native

In my react-native app, I have a JWT saved to localStorage by redux-persist. I need to check the expire date of the token before every fetch request to the API. But I don't want to implement this process of date comparing within every page, because there are dozens of pages where I make a request to the API. Maybe I can write a custom method that wraps fetch and checks the expire date inside, or before every fetch dispatch an action that checks whether the token expired? I'm stuck here. Do you have any idea how I can solve this problem?
This is an overview of how you can solve your problem.
Step by Step
/login
Successful login
Server returns { token, refreshToken }
Now for making any request (protected, i.e. only a logged-in user needs to be shown or access a particular resource on the server)
send token with each protected request in Authorization header
server validates the token
in case of expired token server returns expired token error
now client receives the expired token error
next client dispatches an action to get new token
new action should send an api call to server to get new token passing refreshToken
after validation of refreshToken server returns new accessToken and refreshToken, in case passed refreshToken was invalid return an error and client should logOut the user
If new accessToken is received update the app state with new accessToken and refreshToken
This is just an overview, but you can add more security measures to it, such as allowing a token to be requested via refreshToken only a few times, after which the user must log in again.
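The flow in the answer above as a fetch wrapper; this is an added example, not code from the original answer. The names store, refreshUrl and onLogout, the 401 status for an expired token and the { token, refreshToken } response shape are assumptions about the app and server.

```javascript
// Added example. refreshUrl, the 401 status and the { token, refreshToken }
// response shape are assumptions about the server, not a real API.

// Read the unverified `exp` claim. This only saves a round trip; the server
// still decides whether the token is valid.
function isExpired(jwt, nowSec = Date.now() / 1000, skewSec = 30) {
  try {
    const b64 = jwt.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
    const { exp } = JSON.parse(atob(b64));
    return typeof exp !== 'number' || exp - skewSec <= nowSec;
  } catch {
    return true; // missing or malformed token: treat as expired
  }
}

function createAuthFetch({ fetchImpl, store, refreshUrl, onLogout }) {
  let refreshing = null; // shared promise so parallel requests refresh once

  function refresh() {
    refreshing ??= (async () => {
      const res = await fetchImpl(refreshUrl, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ refreshToken: store.get().refreshToken }),
      });
      if (!res.ok) {
        store.clear(); // refresh token rejected: drop stored credentials
        onLogout();
        throw new Error('session expired');
      }
      store.set(await res.json()); // new { token, refreshToken }
    })().finally(() => { refreshing = null; });
    return refreshing;
  }

  return async function authFetch(url, init = {}) {
    if (isExpired(store.get().token)) await refresh();
    const send = () => fetchImpl(url, {
      ...init,
      headers: { ...init.headers, Authorization: `Bearer ${store.get().token}` },
    });
    let res = await send();
    if (res.status === 401) { // server reports expiry: refresh, retry once
      await refresh();
      res = await send();
    }
    return res;
  };
}
```

Every screen calls authFetch instead of fetch, so the expiry check and the refresh live in one place, and a rejected refresh token ends the session through onLogout.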

Facebook session token is valid, even after changing account password

In one of my iOS apps, I am using FBSDK for Facebook login and it works correctly. But we would like to handle the case that the access token becomes invalid. If I have changed my password through some other Facebook login then as per the Facebook blog post, it should invalidate the access token, but while I am fetching the stored token using [FBSDKAccessToken currentAccessToken].tokenString, it appears that the token is still valid, based on the following:
[FBSDKAccessToken currentAccessToken].tokenString does not return nil.
Using the following URL to validate the access token: [NSString stringWithFormat:@"https://graph.facebook.com/APP_ID/permissions?access_token=ACCESS_TOKEN"], as per a Stack Overflow post
How to verify the account password changed (and corresponding token invalidation) scenario for Facebook?
We want to detect the invalid token and ask the user to login again, if the account password has been changed through logging in to Facebook somewhere else and changing the password.
Any suggestion is appreciated.
Thanks.
Changing password won't invalidate the login. To invalidate the login, you need to go to Facebook->Settings->Security and Login. Find where you are logged in with the token and force log out.