AdminDisableUser does not revoke tokens #381

@KristobalJunta

Description

There is an inconsistency in handling user tokens by cognito-local and "real" AWS Cognito.

  1. InitiateAuth API call with USER_PASSWORD_AUTH flow returns tokens, namely: AccessToken, IdToken, RefreshToken.

  2. If AdminDisableUser is called after that, user tokens are invalidated. As per documentation:

     Deactivates a user and revokes all access tokens for the user.

  3. If a new InitiateAuth is attempted after that with REFRESH_TOKEN_AUTH flow and a token saved from p1, real AWS Cognito returns an error, due to the token being revoked.

  4. On the other hand, cognito-local does not revoke tokens after p2, and the second InitiateAuth (p3) completes successfully.

Metadata

Assignees

No one assigned

Labels

No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests
