Cognito renewal of refresh token

Just implemented an OAuth2 authentication with AWS Cognito and came across this issue:

I am re-generating an id_token with my refresh_token using this endpoint:

/oauth2/token grant-type: refresh_token

but when my refresh_token is expired, I don't want the user to go through the login process again. Is there any way of "refresh the refresh_token"?

Also, I don't want my refresh_token to have infinite (or 9999 years) of validity time.

What should I do? Thank you.

Solution

No you cannot get a fresh refresh token without having the user sign in again. That's the whole point of a refresh token. You can have a refresh token for a reasonable time like a month and then forcefully invalidate it if user signs out though.

Getting refresh token for gmail API with Spring Security
Creating firebase user with authentication information from Salesforce
Where to store the refresh token on the Client?
AuthorizedClientServiceOAuth2AuthorizedClientManager: accessToken cannot be null
How do I add audience validation using Spring OAuth without needing the issuer?
Ruby & IMAP - Accessing Office 365 with Oauth 2.0
3rd party cookies in Android 14/New Chrome using Angular/Firebase Auth/Hosting and NodeJs in Server
Swift Discord OAuth2 redirect URi not supported by Client
Apim policy to validat token for b2b and as well as b2c tenant token endpoints
Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
Google APIs Console - missing client secret
Automating access token refreshing via interceptors in axios
Supabase does not append code parameter to the redirect URL after OAuth login
How/why is login page redirect required?
Where can I find a list of scopes for Google's OAuth 2.0 API?
Using ASP.Net Core Identity in parallel with OpenIdConnect OAuth2
Spring security JWT without OAuth
Add OAuth authentication for HTTP request triggers
Get email, phone, etc from OAuth2 login
BFF pattern for native apps in OAuth 2.0?
Why is PKCE `code_verifier` calculated server-side in BFF pattern?
Apache strips down "Authorization" header
Fake Firebase Auth Tokens for Test Environment
Access Not Configured for Google OAUTH Login
Authenticating to Microsoft 365 SMTP servers via OAuth2 only works for users without MFA
Getting user data through an Azure AD OAuth login - React Native Expo App
Callback github URI with Oauth2 and Spring Boot 3.4.0 not found after authentication
spring oauth client (v6.4.2): does not redirect to oauth-server
NextJs: server component vs server action
Why Does OAuth v2 Have Both Access and Refresh Tokens?