I’m working with n8n and struggling to create an automated system for refreshing AWS Cognito OAuth tokens.
Right now I have to manually update the token each day which is really annoying. I want to build something that handles this automatically so I don’t have to keep doing it myself.
What I tried so far:
I created a workflow in n8n that calls the AWS Cognito token refresh endpoint. I thought this would automatically get new access tokens and update them in my workflow without me having to do anything.
The problem:
The workflow isn’t working like I expected. The token refresh doesn’t happen on its own and I still have to run it manually to get fresh access tokens.
What I need:
I’m looking for a solution that will automatically handle the token renewal process without me having to manually start the workflow each time. Has anyone figured out how to make this work properly in n8n?
check ur workflow permissions! i had that same prob, n8n couldn’t update the token due to permission issues. also, make sure ur refresh token is still valid. usually they last about 30 days, but can vary based on ur cognito pool setup.
Your problem is n8n’s credential management. It’s refreshing your AWS Cognito tokens but not saving them for next time. Here’s what’s happening: n8n grabs a new token but doesn’t update its credential vault, so every workflow run still uses the old expired token. You need to build a workflow that calls Cognito’s refresh endpoint AND updates n8n’s stored credentials. Use the HTTP Request node to hit Cognito, grab the new access token from the response, then use n8n’s credential update feature to overwrite the old token. Skip that last step and you’re stuck in this loop. Also, add some buffer time to your scheduling in case the refresh API is slow or fails.
The problem is n8n treats refreshed tokens like temporary session data instead of permanent credentials. When your workflow hits the Cognito refresh endpoint, that new token only lives during that one execution - then it’s gone. You need a two-step fix: refresh the token through Cognito, then save it back to n8n’s credential store using their credentials API. Skip this second step and your next workflow will just grab the same expired token from storage. I’ve found it works way better to create a separate token management workflow that runs on its own schedule rather than cramming refresh logic into every workflow. Just make sure it runs before your tokens actually expire - give yourself some buffer time.
yeahh, totally get it! i had simmilar issues. Just make sure ur token storage is set right in n8n’s creds. also, dont forget to tweak ur cron jobs. if they go against the token lifespan, you’ll have problems. switching to 30 mins worked for me!
Had this exact problem six months ago. n8n treats OAuth credentials differently than regular API keys - the auto-refresh works but you’ve got to set it up right first. Check your AWS Cognito credential settings and enable automatic refresh (there’s a checkbox that’s super easy to miss). Set your workflow trigger to run before the token expires, not after. Here’s the key part - make sure your workflow uses the same credential ID as your other workflows, or you’ll just be refreshing tokens that nobody else can access. I switched to a 50-minute interval instead of hourly since AWS tokens last 60 minutes. Once you configure the credential for auto-renewal properly, it’ll refresh seamlessly.
your schedule trigger probably isn’t firing. check your cron expression - i’ve wasted hours on that exact mistake before. also verify the workflow’s actually active, not just saved. n8n will deactivate workflows after they error out.