Select Language:
If you’re noticing that your refresh tokens are expiring sooner than expected, that’s actually normal behavior based on how refresh token validity is set up. When you configure the RefreshTokenValidity to 60 minutes, it means the refresh token’s total lifespan starts counting from the moment the user first logs in. This time limit doesn’t reset or extend with each new token you get through token rotation.
Even if your system uses refresh token rotation — meaning each time your app requests new tokens, it gets fresh ones — the total expiration time still sticks to the original setting. So, every new token you obtain within that period is just a replacement, but the clock for the overall token lifetime doesn’t restart.
Once that 60-minute window passes, the refresh token expires, no matter how many times it’s been rotated. At that point, your users will have to log in again to get fresh tokens and continue their session.
To allow users to stay logged in longer without needing frequent re-authentication, you should increase the RefreshTokenValidity setting. The default is 30 days, but you can extend it to suit your needs. This setting supports different time units—seconds, minutes, hours, or days—so you can customize it accordingly based on how long you want users to stay authenticated without signing in again.
For more details, you can refer to the official documentation on configuring token validity in Amazon Cognito, which provides specific instructions on setting the appropriate duration.
ChatGPT
Perplexity
Gemini AI
Grok AI
