Centralize Authentication Errors Across Application #823
-
|
I am using AWS SDK Rust in combination with SSO credentials. I have implemented code that does the full auth integration with AWS (mimicking the My issue arises with refreshing and detecting when the user is no longer logged in. I would like it such that as soon as a request is attempted and fails due to a Token expiry error (this can happen on any of the hundreds of API calls I make) that the system detects this and automatically attempts to reauthenticate. This is especially necessary as AWS invalidates even the refresh tokens after ~30 hours. Any pointers would be appreciated here, happy to share more of my authentication code as well if it is helpful to others (took a lot of reverse engineering to figure out the right setup there). |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
I think your best approach would be to look at the |
Beta Was this translation helpful? Give feedback.
-
|
Yeah, I'm doing this for now... I'm not sure what the correct window before the expire time is though to refresh. Is there a recommended threshold AWS has for this? |
Beta Was this translation helpful? Give feedback.
I think your best approach would be to look at the
expiry()of the returned credentials and trigger a refresh automatically—if you implement your code as a credential provider that setsexpiryproperly on the returned credentials, this should happen automatically because the cache will trigger a refresh before the credentials expire.