Tags: javascript, amazon-web-services, token, aws-api-gateway, amazon-cognito

Is it possible to revoke AWS Cognito IdToken?


Is it possible to revoke an AWS Cognito IdToken obtained after a user authenticates with their username and password?

In my use case, access to API Gateway endpoints is restricted by a Cognito User Pool Authorizer, which takes the IdToken as an argument in request.headers.Authorizer. I am looking for a way to block the current user's IdToken.

In the AWS JavaScript SDK there is a function globalSignOut({AccessToken}) which revokes the access token: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#globalSignOut-property

Is it possible to revoke the IdToken in the same or a similar way?

For those interested: I've created an issue on aws-sdk-js: https://github.com/aws/aws-sdk-js/issues/1687


Solution

  • As @AllanFly120 wrote in the topic mentioned above:

    Because the IdToken is represented as a JSON Web Key Token, it is signed with a secret or a private/public key pair, which means that even if you revoke the IdToken, there is no way to revoke the distributed public key. And the IdToken has a short life span; it will expire in a short time.

    It resolved my doubts.