orestis

Reputation: 972

Cognito AUTHORIZATION endpoint responds with invalid client

I have set up a Cognito authorizer with an App client that is connected to Google Identity Provider.

"Callback URL" is http://localhost and "Sign out URL" is http://localhost/logout. I have enabled the "Authorization code grant" and the "Implicit grant" flows, and I want to implement the following flow:

  1. User sends a GET request to the LOGIN endpoint (/login) which is the following:

https://mycognAuthorizer.auth.eu-west-1.amazoncognito.com/login?client_id=MYCLIENTID&redirect_uri=http://localhost&response_type=code

  2. User sends a POST request to the TOKEN endpoint (/oauth2/token) with the following parameters:
POST https://hocublen.auth.eu-west-1.amazoncognito.com/oauth2/token
Content-Type='application/x-www-form-urlencoded'

grant_type:authorization_code&
client_id:<MYCLIENTID>&
redirect_uri:http://localhost&
code:<CODE_FROM_LOGIN>

Where <CODE_FROM_LOGIN> is the code returned by /login endpoint on the first step.

My problem is that the first endpoint (/login) works fine and I get the code, but the second endpoint always returns a Bad Request response with an "invalid client" message.

Is there something that can be missing from the configuration?

Also, if I choose to ask for a token from the login endpoint instead of a code, is this token equivalent to that of the TOKEN endpoint?

Upvotes: 2

Views: 3371

Answers (2)

senaykt

Reputation: 68

Invalid client occurs when you're generating a client_secret for your app clients. You should add your client_secret to your request.

Upvotes: 1

orestis

Reputation: 972

It seems that when one creates an AppClient the "Generate client secret" is enabled by default, but in subsequent views of the AppClient, one has to press show details to see that the password is set and what the password is.

For the scope of my needs, I just removed the password.

Upvotes: 4
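Both answers above come down to how the app client authenticates to /oauth2/token. The sketch below is an added example, not code from either poster: it builds (without sending) the code-exchange request for an app client with a secret, which Cognito expects as an HTTP Basic Authorization header, and for one without. The domain, client ID, secret and code values are constructed placeholders, and build_token_request is a hypothetical helper name.

```python
import base64
import urllib.parse
import urllib.request


def build_token_request(domain, client_id, code, redirect_uri, client_secret=None):
    """Build, but do not send, the authorization-code exchange for /oauth2/token.

    Hypothetical helper for illustration. If the app client was created with
    "Generate client secret" enabled, pass client_secret; omitting it in that
    case is what leads to the "invalid client" response described above.
    """
    # Form-encoded body: key=value pairs joined by '&', values URL-escaped.
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,  # must match the value used at /login
    }).encode("ascii")

    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is not None:
        # Confidential client: Authorization: Basic base64(client_id:client_secret)
        raw = f"{client_id}:{client_secret}".encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode("ascii")

    return urllib.request.Request(
        f"https://{domain}/oauth2/token", data=body, headers=headers, method="POST"
    )


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the question.
    req = build_token_request(
        domain="example-domain.auth.eu-west-1.amazoncognito.com",
        client_id="CONSTRUCTED_CLIENT_ID",
        code="CONSTRUCTED_CODE",
        redirect_uri="http://localhost",
        client_secret="CONSTRUCTED_SECRET",
    )
    print(req.get_method(), req.full_url)
    print(req.header_items())
    print(req.data.decode("ascii"))
```

A client secret belongs only in server-side code; for a browser or mobile app, an app client without a secret (the second answer's approach) is the fitting configuration.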
