ParthKansara

Reputation: 336

AWS - Cognito Authentication - Curl Call - Generate Token Without CLI - No Client Secret

I have created an API Gateway and applied Cognito authentication to it. To make the API call work I am using the AWS CLI to get a token. Here is my CLI command:

aws cognito-idp admin-initiate-auth --user-pool-id us-west-2_leb660O8L --client-id 1uk3tddpmp6olkpgo32q5sd665 --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=myusername,PASSWORD=mypassword

Now I want to use a curl call instead of this CLI call. I have found code for it, but all of it needs a client secret. I do not have a client secret, as my user pool is set to "Enable sign-in for server-based authentication".

User Pool app Client Settings

Please guide me on how I can do that.

I have gone through https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html [what will be the endpoint for calling InitiateAuth or AdminInitiateAuth?] and https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

To summarise: I want to get the Id_Token using curl or Postman without a client secret.

Thanks in advance

Upvotes: 14

Views: 21675

Answers (2)

Harsh Manvar

Reputation: 30113

Just sharing the direct curl here; it may be helpful to anyone.

curl -X POST --data @user-data.json \
-H 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' \
-H 'Content-Type: application/x-amz-json-1.1' \
https://cognito-idp.<just-replace-region>.amazonaws.com/

The JSON file user-data.json:

{"AuthParameters" : {"USERNAME" : "sadfsf", "PASSWORD" : "password"}, "AuthFlow" : "USER_PASSWORD_AUTH", "ClientId" : "csdfhripnv7sq027kktf75"}

Make sure your app client does not have an app secret, or create a new app client without a secret. Also enable USER_PASSWORD_AUTH inside the app client.

Upvotes: 13

junwen-k

Reputation: 3644

You can authenticate a user with the following request. This is the endpoint of the InitiateAuth request.

Hope this is useful for you.

Method: POST
Endpoint: https://cognito-idp.{REGION}.amazonaws.com/
Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth
Body:
{
    "AuthParameters" : {
        "USERNAME" : "YOUR_USERNAME",
        "PASSWORD" : "YOUR_PASSWORD"
    },
    "AuthFlow" : "USER_PASSWORD_AUTH",
    "ClientId" : "APP_CLIENT_ID"
}

(AuthFlow: you don't have to change this if you are using password auth.)

And the response looks like the following:

{
    "AuthenticationResult": {
        "AccessToken": "YOUR_ACCESS_TOKEN",
        "ExpiresIn": 3600,
        "IdToken": "YOUR_ID_TOKEN",
        "RefreshToken": "YOUR_REFRESH_TOKEN",
        "TokenType": "Bearer"
    },
    "ChallengeParameters": {}
}

Upvotes: 24
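The same InitiateAuth call as the two answers above, put together as a small stand-alone script (added example, not code from either answer). It uses only the Python standard library, sends no SECRET_HASH because the app client has no secret, stops with a clear error when Cognito returns a challenge instead of tokens, and decodes the ID token payload for inspection only; the region, app client ID and credentials in main are placeholders you must replace.

```python
import base64
import json
import urllib.request


def build_initiate_auth_request(region, client_id, username, password):
    """Return (url, headers, body) for the USER_PASSWORD_AUTH flow.
    No SECRET_HASH is included: this targets an app client created without a secret."""
    url = f"https://cognito-idp.{region}.amazonaws.com/"
    headers = {
        "Content-Type": "application/x-amz-json-1.1",
        "X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth",
    }
    body = {
        "AuthFlow": "USER_PASSWORD_AUTH",
        "ClientId": client_id,
        "AuthParameters": {"USERNAME": username, "PASSWORD": password},
    }
    return url, headers, json.dumps(body).encode()


def extract_tokens(response_json):
    """Return the AuthenticationResult dict (AccessToken, IdToken, RefreshToken, ...).
    Cognito may answer with a ChallengeName (e.g. NEW_PASSWORD_REQUIRED) and no
    tokens; treat that as an error rather than indexing a missing key."""
    data = json.loads(response_json)
    if "ChallengeName" in data:
        raise RuntimeError(f"auth challenge required: {data['ChallengeName']}")
    return data["AuthenticationResult"]


def id_token_claims(id_token):
    """Decode the JWT payload WITHOUT verifying the signature, purely to look at the
    claims (sub, aud, exp). API Gateway's Cognito authorizer does the real verification."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding stripped by JWT
    return json.loads(base64.urlsafe_b64decode(payload))


def initiate_auth(region, client_id, username, password):
    """Perform the HTTPS call and return the token dict."""
    url, headers, body = build_initiate_auth_request(region, client_id, username, password)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return extract_tokens(resp.read().decode())


if __name__ == "__main__":
    # Placeholder values; substitute your pool's region, app client ID and user.
    tokens = initiate_auth("us-west-2", "APP_CLIENT_ID", "myusername", "mypassword")
    print(json.dumps(id_token_claims(tokens["IdToken"]), indent=2))
```

Pass `tokens["IdToken"]` in the `Authorization` header to an API Gateway method protected by the Cognito authorizer; the token's `exp` claim tells you when you will need the RefreshToken.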
