Amazon Cognito User Pools now supports customization of token expiration
Amazon Cognito User Pools now enables customers to choose how long their access and refresh tokens should be valid. Access tokens can be configured to expire in as little as five minutes or as long as 24 hours. Refresh tokens can be configured to expire in as little as one hour or as long as ten years. These customizations enable Amazon Cognito customers to balance the security and usability of each application they develop.
Source:: Amazon AWS