Login and Authentication
Sinopia user accounts are managed by AWS' Cognito service: https://aws.amazon.com/cognito/
The editor uses the AWS Amplify package to handle session creation, renewal, and management for users. The SDK provides methods for attempting to log in and for attempting to obtain a valid idToken, either by pulling a currently valid one from local storage if available, or by requesting a new one from Cognito if local storage has a valid refreshToken to submit for the user. If neither is successful, the user will have to log in again. The editor passes the idToken to the sinopia_api for user authentication.
Note that there are two ways that a user can have an invalid refreshToken in local storage:
- The token is more than one month old, and has expired.
- The user explicitly logged out in another browser, invalidating any previously issued refresh tokens.
In those cases, the Cognito SDK will fail to obtain a valid idToken for the user. The editor will treat the user as not having a session and will force a new login, so that the user can get a valid token and interact with the backend.
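The decision flow described above, as a simplified model added here for illustration; it is not Amplify's or the Sinopia editor's code. The names resolveSession, sampleJwt, expiryOf and refreshWithCognito, the storage shape, the synchronous refresh call, and the 30-day approximation of "one month" are assumptions, and all tokens are constructed samples.

```javascript
// Simplified model of the session decision (runs under Node.js).
// Hypothetical names throughout; tokens are unsigned, constructed samples.
const REFRESH_LIFETIME_S = 30 * 24 * 3600; // "one month", approximated as 30 days

// Build a JWT-shaped sample token with the given expiry (test data only).
function sampleJwt(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ sub: 'constructed-user', exp })}.sig`;
}

// Read the exp claim for a local freshness check only. The client does not
// verify the signature here; the API must validate the token it receives.
function expiryOf(jwt) {
  try {
    const claims = JSON.parse(Buffer.from(jwt.split('.')[1], 'base64').toString('utf8'));
    return typeof claims.exp === 'number' ? claims.exp : 0;
  } catch { return 0; } // a malformed token counts as expired
}

// storage: { idToken, refreshToken: { value, issuedAt } }, times in seconds.
// refreshWithCognito(value) returns a new idToken, or throws if it is rejected.
function resolveSession(storage, refreshWithCognito, now) {
  if (storage.idToken && expiryOf(storage.idToken) > now) {
    return { state: 'signed-in', idToken: storage.idToken, source: 'local-storage' };
  }
  const rt = storage.refreshToken;
  if (rt && now - rt.issuedAt < REFRESH_LIFETIME_S) {
    try {
      const idToken = refreshWithCognito(rt.value);
      storage.idToken = idToken; // cache the renewed token
      return { state: 'signed-in', idToken, source: 'refresh' };
    } catch { /* rejected, e.g. after a logout in another browser */ }
  }
  // Neither path worked: drop stale tokens and force a new login.
  delete storage.idToken;
  delete storage.refreshToken;
  return { state: 'login-required' };
}

// Demo with a constructed clock: expired idToken plus a revoked refreshToken.
const demoNow = 1700000000;
const demoStore = { idToken: sampleJwt(demoNow - 60),
                    refreshToken: { value: 'constructed-rt', issuedAt: demoNow - 3600 } };
console.log(resolveSession(demoStore, () => { throw new Error('refresh rejected'); }, demoNow));
```

Both invalid-refreshToken cases from the list end in the same `login-required` state; only the expired case is decided locally without contacting Cognito.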