I'm working with AWS Cognito in an iOS app and need to know how Cognito stores authentication tokens (like access and refresh tokens). Specifically, I'm looking for:
- Does AWS Cognito store these tokens in the iOS Keychain?
- If yes, under what service and account names?
- How can I programmatically access these tokens?
Any guidance or code examples, especially regarding Keychain interaction with Cognito in Swift or Objective-C, would be greatly appreciated.
Cognito doesn't stored the tokens in an iOS Keychain. It would be your own iOS app that would need to fetch tokens from Cognito and store them as you see fit.
To programmatically access tokens, you would need to do something like invoke the token endpoint to retrieve tokens for a user who has been authenticated through a federation integration.
The other alternative would be to use an SDK, such as this one for Swift. Further, this API documentation shows the sorts of available API calls you can make.
Also see