I want to implement a signout method for my Typescript project that uses AWS Cognito userpool. The implementation for this has been included below:
import { Request, Response } from 'express';
import { config, handleCognitoError } from './util';
import {
CognitoIdentityProviderClient,
GlobalSignOutCommand
} from '@aws-sdk/client-cognito-identity-provider';
export const logoutUser = async (req: Request, res: Response) => {
console.log('LOGOUT ROUTE CALLED');
const { accessToken } = req.body;
const client = new CognitoIdentityProviderClient(config);
const input = {
AccessToken: accessToken
};
const command = new GlobalSignOutCommand(input);
try {
const response = await client.send(command);
res.status(200).json({ message: 'LOG OUT SUCCESS', res: response });
} catch (err: unknown) {
console.error('LOG OUT FAILED');
res.status(500).json({ message: 'LOG OUT FAILED', error: err.message });
}
};
The above code works in the sense that the GlobalSignOutCommand does result in status 200. However, I'm not entirely sure the SignOut is really working. After I call this route and then try to use the JWT access token assigned to that user, in a different POST request the token still works. According to the AWS documentation on this, the method should "invalidate the identity, access, and refresh tokens that Amazon Cognito issued to a user" (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GlobalSignOut.html). That isn't what seems to be happening. Is there an additional config that needs to be setup in AWS perhaps? While it seems like the method is working as required functionally it is not.
Is there perhaps a different approach to logout/signout method using AWS Cognito Userpools and JWT Access/Refresh tokens? Am I perhaps not testing it in the correct way?