Background:
I have a requirement where I need to allow the refresh token to live for a really long time for some types of user, but I want to limit it (expire it) for other users.
Both sets of users have to be in the same Cognito user-pool.
My first thought was to check how long the users have been logged-in if they are the type of user I want to limit and call global sign-out to force those users to re-authenticate, but I cannot find any API that will tell me how long a user has been logged in.
As an important side note, since I am using Cognito with Amplify + Appsync, the refresh token is used to obtain new session tokens until the refresh token expires.
Question:
Is there a way in Amplify or Cognito APIs to find out how long a user has been logged in on that particular device?
Cognito has a feature that remembers the user's device and records the date on which the device was last authenticated.
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetDevice.html
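An added example, not part of the original answer: a server-side check that reads `DeviceLastAuthenticatedDate` from the device records and calls global sign-out when a device is past a per-user-type limit. The function names, the fail-closed handling of a missing date and the sample device records are assumptions made for illustration; it also assumes device remembering is enabled on the pool and that the code runs with admin credentials.

```python
from datetime import datetime, timedelta, timezone


def device_login_age(device, now=None):
    """Time since the device last authenticated, or None if no date is recorded.

    `device` is one device dict as returned by GetDevice / AdminListDevices.
    """
    now = now or datetime.now(timezone.utc)
    last = device.get("DeviceLastAuthenticatedDate")
    if last is None:
        return None
    if last.tzinfo is None:  # treat naive timestamps as UTC
        last = last.replace(tzinfo=timezone.utc)
    return now - last


def devices_over_limit(devices, max_age, now=None):
    """Device keys whose last authentication is older than max_age.

    A device with no recorded date counts as over the limit (fail closed);
    that policy is a choice made for this example.
    """
    expired = []
    for device in devices:
        age = device_login_age(device, now)
        if age is None or age > max_age:
            expired.append(device["DeviceKey"])
    return expired


def enforce(user_pool_id, username, max_age):
    """Globally sign the user out if any remembered device exceeds max_age."""
    import boto3  # imported lazily so the helpers above run offline

    idp = boto3.client("cognito-idp")
    # First page only; follow PaginationToken for users with many devices.
    devices = idp.admin_list_devices(
        UserPoolId=user_pool_id, Username=username)["Devices"]
    expired = devices_over_limit(devices, max_age)
    if expired:
        idp.admin_user_global_sign_out(
            UserPoolId=user_pool_id, Username=username)
    return expired


# Constructed sample records, shaped like AdminListDevices output.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_DEVICES = [
    {"DeviceKey": "example-device-key-1",
     "DeviceLastAuthenticatedDate": datetime(2024, 5, 31, 12, tzinfo=timezone.utc)},
    {"DeviceKey": "example-device-key-2",
     "DeviceLastAuthenticatedDate": datetime(2024, 4, 1, tzinfo=timezone.utc)},
]
```

Call `enforce` only for the users whose sessions should be limited, passing the limit as a `timedelta`; long-lived users are simply never checked.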