Reputation: 487
Cognito authorization code grant flow for custom UI
I am trying to replicate functionality of cognito hosted ui sign in page(https://docs.aws.amazon.com/cognito/latest/developerguide/login-endpoint.html), but aws sdk does not provide any method that would take username,password and would return authorization code which could be used for obtaining access/id token. The initiateAuth and adminInitiateAuth only support implicit flow which returns directly access/id token. Is there any workaround for this, how to retrieve authorization code?
With best regards, Jakub
Upvotes: 10
Views: 3719
Answers (2)
Reputation: 717
There's no API that supports this functionality. It would be great if initiateAuth and adminInitiateAuth could respond with authorization code.
One of the workarounds suggested by AWS is for your backend to send a POST request with login and password to the login page in the hosted UI. I wouldn't recommend this solution though. It's unnecessarily complicated and doesn't work with MFA challenges. It may also impact brute force attack detection as well as the Advanced Security features because the original IP address of the user is masked by your backend IP address.
Upvotes: 12
Reputation: 534
You should use some SDK. Refer this link for examples of how to in a web environemtn https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html
Upvotes: -3
Related Questions
- AWS Cognito Authorization code grant flow without using the hosted UI
- Setup cognito hosted UI with MFA
- Specifying User Access Control with Amazon Cognito
- AWS cognito custom user roles for authorization
- AWS Cognito and custom roles
- AWS Cognito custom auth flow with USER_PASSWORD_AUTH
- cognito OAuth2 flow
- Use custom authorization logic with AWS Cognito authentication
- How to authenticate user in AWS Custom authorizer?
- Additional authorization logic for Cognito User Pools User