I'm referring to the openid standard I guess[1], it looks like AWS Cognito does ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		candiddevmike on Sept 5, 2024 \| parent \| context \| favorite \| on: OAuth from First Principles I'm referring to the openid standard I guess[1], it looks like AWS Cognito does something different (they don't support offline_access, but they always issue a refresh_token from what I'm reading). 1 - https://openid.net/specs/openid-connect-core-1_0.html#Offlin...

taeric on Sept 5, 2024 [–]

Yeah, if you do a CODE flow, you get three tokens. Implicit is only access.

They at least have decent support to guard api access using these.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact