Tags: amazon-web-services, oauth-2.0, google-oauth, amazon-cognito

Get new refresh token in oauth2.0 authorization code grant flow


I set up an authorization code grant flow for Google using Amazon Cognito. I'm able to get an authorization code by calling the /login endpoint and exchange it for an access_token, refresh_token and id_token using the /token endpoint, so I assume that it's set up more or less properly.

Unfortunately, when I try to exchange a refresh_token for new tokens using the /token endpoint as well, I receive only an access_token and id_token, without a new refresh_token. I've been trying to understand why this happens, but Amazon's documentation only briefly mentions that a refresh_token is returned only for an authorization code. What's more interesting, the auth0 documentation says that the /token endpoint should behave in a very different way: it shouldn't return new tokens directly but a new authorization code instead.

And now I'm pretty confused about what happens there. Is it Amazon who changed the flow of authorizing a user using an authorization code? Or, more likely, do I not understand it and did something wrong?


Solution

  • The refresh_token is generated once, at the time of the authorization code exchange; we can reuse it to generate a new access_token and id_token. In my approach, I call the initiateAuth method to generate a new access_token and id_token:

      // AWS SDK for JavaScript v2; cognitoIdp is a CognitoIdentityServiceProvider client
      const AWS = require('aws-sdk');

      class TokenRefresher {
        constructor(clientId, region) {
          this.clientId = clientId;
          this.cognitoIdp = new AWS.CognitoIdentityServiceProvider({ region });
        }

        // Exchanges the refresh token issued at the code exchange for a new
        // access_token and id_token. Cognito returns no new refresh_token here,
        // so the caller must keep the original one.
        refreshToken(refresh_token_property) {
          let params = {
            AuthFlow: "REFRESH_TOKEN_AUTH",
            ClientId: this.clientId,
            AuthParameters: {
              // must be a plain string, not an array
              "REFRESH_TOKEN": refresh_token_property
              // add "DEVICE_KEY" only when device tracking is enabled, and
              // "SECRET_HASH" when the app client has a client secret
            }
          };
          return this.cognitoIdp.initiateAuth(params).promise().then(data => {
            console.log(data.AuthenticationResult);
            return data.AuthenticationResult; // AccessToken, IdToken, ExpiresIn, TokenType
          }).catch(e => {
            console.log(e);
            throw e; // let the caller decide to re-login (e.g. on NotAuthorizedException)
          });
        }
      }
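The question refreshed through the hosted-UI /oauth2/token endpoint rather than initiateAuth, and the behaviour there is the same: Cognito answers a grant_type=refresh_token request with a new access_token and id_token but no new refresh_token, so a client that blindly overwrites its token set with the response loses the refresh token. The example below is added here and is not code from the original question or answer. It builds the refresh request as Cognito's token endpoint expects it (form-encoded body; HTTP Basic client authentication only when the app client has a secret), keeps the original refresh token unless the server issues a new one, and refreshes lazily when the access token is about to expire. The domain and client values are placeholders, and `fakeCognitoFetch` is a constructed stand-in for the real endpoint so the flow runs offline; pass the global `fetch` in place of it against a real user pool.

```javascript
// Added example (not from the original post). Assumes Node 18+ (Buffer, URLSearchParams).
// Placeholder domain/client values; fetchImpl is injectable so the flow runs offline.

function buildRefreshRequest({ domain, clientId, clientSecret, refreshToken }) {
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: clientId,
    refresh_token: refreshToken,
  });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  // Confidential app clients (those with a secret) authenticate with HTTP Basic;
  // public clients send only client_id in the body.
  if (clientSecret) {
    headers.Authorization =
      'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  }
  return { url: `https://${domain}/oauth2/token`, method: 'POST', headers, body: body.toString() };
}

class CognitoTokenSet {
  constructor(config, tokens, fetchImpl = globalThis.fetch, now = () => Date.now()) {
    this.config = config;
    this.fetchImpl = fetchImpl;
    this.now = now;
    this.refreshToken = tokens.refresh_token; // issued once, at the code exchange
    this.applyResponse(tokens);
  }

  applyResponse(res) {
    this.accessToken = res.access_token;
    this.idToken = res.id_token;
    // expires_in is in seconds; refresh 30 s early to absorb clock skew
    this.expiresAt = this.now() + (res.expires_in - 30) * 1000;
    // Keep the original refresh token unless the server issued a new one.
    if (res.refresh_token) this.refreshToken = res.refresh_token;
  }

  isExpired() {
    return this.now() >= this.expiresAt;
  }

  async refresh() {
    const req = buildRefreshRequest({ ...this.config, refreshToken: this.refreshToken });
    const resp = await this.fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
    const data = await resp.json();
    if (!resp.ok || data.error) {
      // invalid_grant means the refresh token is expired or revoked: the user must log in again
      throw new Error(`token refresh failed: ${data.error || resp.status}`);
    }
    this.applyResponse(data);
    return { access_token: this.accessToken, id_token: this.idToken, refresh_token: this.refreshToken };
  }

  async getAccessToken() {
    if (this.isExpired()) await this.refresh();
    return this.accessToken;
  }
}

// Constructed fake endpoint mimicking Cognito's refresh response
// (access_token + id_token, no refresh_token), for offline use only.
function fakeCognitoFetch(url, init) {
  const params = new URLSearchParams(init.body);
  const ok = params.get('grant_type') === 'refresh_token' && params.get('refresh_token') === 'RT-original';
  const payload = ok
    ? { access_token: 'AT-2', id_token: 'IDT-2', token_type: 'Bearer', expires_in: 3600 }
    : { error: 'invalid_grant' };
  return Promise.resolve({ ok, status: ok ? 200 : 400, json: () => Promise.resolve(payload) });
}

// Walk-through: start with a token set from the code exchange, advance a fake clock
// past the access token lifetime, and watch the refresh keep RT-original.
async function demo() {
  let clock = 0;
  const set = new CognitoTokenSet(
    { domain: 'example.auth.us-east-1.amazoncognito.com', clientId: 'abc123', clientSecret: 'shh' },
    { access_token: 'AT-1', id_token: 'IDT-1', refresh_token: 'RT-original', expires_in: 3600 },
    fakeCognitoFetch,
    () => clock,
  );
  clock = 3600 * 1000; // access token has expired
  const token = await set.getAccessToken();
  return { token, refreshToken: set.refreshToken };
}

module.exports = { buildRefreshRequest, CognitoTokenSet, fakeCognitoFetch, demo };
```

Because the refresh token is not rotated, it is the long-lived credential in this flow: keep it in the most protected storage available (server-side session or OS keychain rather than localStorage), send it only to the token endpoint, and treat an `invalid_grant` reply as a signal to restart the authorization code flow rather than retrying.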