Reputation: 11
I'm developing a lambda service with Serverless Framework that is responsible for logging into Cognito.
```javascript
const aws_cognito = require('amazon-cognito-identity-js');

// usuario and password are defined elsewhere in the handler.
const authDetails = new aws_cognito.AuthenticationDetails({
  Username: usuario,
  Password: password
});

// Placeholders: the real pool ID and app client ID go here, as strings.
const poolData = {
  UserPoolId: 'XXXXXXXX',
  ClientId: 'XXXXXXX'
};
const userPool = new aws_cognito.CognitoUserPool(poolData);

const userData = {
  Username: usuario,
  Pool: userPool
};
const cognitoUser = new aws_cognito.CognitoUser(userData);

// Authenticate against the user pool and log the outcome.
cognitoUser.authenticateUser(authDetails, {
  onSuccess: () => {
    console.log('OK');
  },
  onFailure: (err) => {
    console.log(err);
  }
});
```
For business reasons I need to simulate the UI that Cognito generates. The system should support OAuth flows: "Authorization code grant" and "Implicit grant".
"Implicit grant" works without problems, but I cannot obtain the authorization code for "Authorization code grant". Is there any way to obtain the authorization code with the AWS SDK?
Thanks!
Upvotes: 1
Views: 959
Reputation: 21
I understand that you are able to implement the "Implicit Flow" without using the Hosted UI but you want to know how to implement "Authorization Grant Flow".
You can use any HTTP client within your Web application to send HTTP requests to Cognito Auth Endpoints to go through the Code grant flow. These are REST API endpoints, and no SDK is required to perform the operation.
Please see the steps below to understand the flow of the process using the API calls:
1) Make a GET request to AUTHORIZATION endpoint to receive the XSRF tokens [1]. You will need to pass the required parameters while making this request. The required parameters are response_type (code or token), client_id and redirect_uri. As per your use-case, since you are using "Authorization Grant Flow", you need the value of response_type to be set to "code". Once you make this request, you will receive an XSRF token in the response as a Cookie. This XSRF token will be needed in the next step.
2) Make a POST request to LOGIN endpoint to receive tokens [2]. You need to pass the same required parameters mentioned while making AUTHORIZATION request. Along with the required parameters, you can pass POST body parameters: CSRF token, username, and password. Once we make this request, you will be able to receive the Tokens in the response. It also provides a Cookie in the response which you can use later to make a request for refresh tokens.
3) Make a POST request to the TOKEN endpoint to receive refresh tokens [3]. We need to pass the required parameters while making the request. The required request parameters are grant_type and client_id. Once you make a successful request, you will receive a new set of Tokens in the response.
============
[1] Authorization Endpoint: http://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
[2] Login Endpoint: http://docs.aws.amazon.com/cognito/latest/developerguide/login-endpoint.html
[3] Token Endpoint: http://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
Upvotes: 2
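The following JavaScript is an added example, not code from either post: it builds the requests for the three steps with response_type set to "code" and parses the XSRF cookie and the redirect that carries the authorization code, checking the redirect target and the state value before the code is redeemed at the TOKEN endpoint. The domain, client ID, redirect URI, the `XSRF-TOKEN` cookie name and the `_csrf` form field are assumptions, and no network call is made.

```javascript
// Placeholders (assumptions): user pool domain, app client ID, registered redirect URI.
// The XSRF-TOKEN cookie name and _csrf form field are assumed from the hosted login form.
const DOMAIN = 'https://example.auth.us-east-1.amazoncognito.com';
const CLIENT_ID = 'XXXXXXX';
const REDIRECT_URI = 'https://app.example.com/callback';

// Query string shared by the AUTHORIZATION and LOGIN requests (steps 1 and 2).
// state must be a fresh random value per login attempt, kept server-side.
function authorizeQuery(state) {
  const p = { response_type: 'code', client_id: CLIENT_ID, redirect_uri: REDIRECT_URI, state };
  return new URLSearchParams(p).toString();
}

// Step 1: pull the XSRF token out of the Set-Cookie headers of the GET response.
function xsrfFromSetCookie(setCookieHeaders) {
  for (const h of setCookieHeaders) {
    const m = /^XSRF-TOKEN=([^;]+)/.exec(h);
    if (m) return m[1];
  }
  throw new Error('no XSRF-TOKEN cookie in authorize response');
}

// Step 2: the POST to the LOGIN endpoint, sending the token as cookie and form field.
function loginRequest(state, xsrf, username, password) {
  return {
    url: `${DOMAIN}/login?${authorizeQuery(state)}`,
    method: 'POST',
    redirect: 'manual', // do not follow: the code is in the redirect's Location header
    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Cookie: `XSRF-TOKEN=${xsrf}` },
    body: new URLSearchParams({ _csrf: xsrf, username, password }).toString(),
  };
}

// Read the code from the Location header; reject other targets or a wrong state.
function codeFromLocation(location, expectedState) {
  const u = new URL(location);
  const want = new URL(REDIRECT_URI);
  if (u.origin !== want.origin || u.pathname !== want.pathname) throw new Error('unexpected redirect target');
  if (u.searchParams.get('state') !== expectedState) throw new Error('state mismatch');
  const code = u.searchParams.get('code');
  if (!code) throw new Error('no code in redirect');
  return code;
}

// Step 3: form body for the POST to the TOKEN endpoint that redeems the code.
function tokenRequestBody(code) {
  const p = { grant_type: 'authorization_code', client_id: CLIENT_ID, code, redirect_uri: REDIRECT_URI };
  return new URLSearchParams(p).toString();
}
```

If the app client has a secret, the TOKEN request also needs HTTP Basic authentication with the client ID and secret.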