AWS – Amazon Cognito now supports targeted sign out through refresh token revocation
By default, Amazon Cognito refresh tokens expire 30 days after a user signs in to a user pool. When you create an app, you can set the app’s refresh token expiration to any value between 60 minutes and 10 years. Amazon Cognito now enables you to revoke refresh tokens in real time so that those refresh tokens cannot be used to generate additional access tokens.
Read More for the details.