mts7

Reputation: 583

How does Python contact AWS Cognito Token endpoint with Authorization Code

I'm trying to call the AWS Cognito Token Endpoint to convert my authorization code into the three JWTs. I have this set up and working in Postman, but not in Python. Below is my Python code that I've used, though I'm getting {"error":"invalid_request"} back from AWS. How should I modify the Python code to get the JWTs?

import requests

headers = {
  'Content-Type': 'application/x-www-form-urlencoded'
}

data = {
  'grant_type': 'authorization_code',
  'client_id': client_id,
  'code': authorization_code,
  'redirect_uri': redirect_uri,
}

response = requests.post(
  'https://example.auth.us-east-1.amazoncognito.com/oauth2/token',
  json=data,
  auth=(client_id, client_secret),
  headers=headers
)

I've verified the variables contain the proper data and the values match between Postman, Python, and AWS. The request headers contain Content-Type and Authorization with the proper values. I spent about 3 hours on this and have not passed this point, though all of my searching indicates I'm implementing the request properly.

Response:

400 Client Error: Bad Request for url: https://example.auth.us-east-1.amazoncognito.com/oauth2/token {"error":"invalid_request"}

Any help is greatly appreciated.

Upvotes: 1

Views: 2957

Answers (1)

Lucian Thorr

Reputation: 2267

If it helps, I tried answering this here, but here's the snippet to step through most of the logic:

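import base64

import requests

# domain, client_id, client_secret, code and redirect_uri are supplied by the caller.
token_url = f"https://{domain}.auth.us-east-1.amazoncognito.com/oauth2/token"
# HTTP Basic credentials: base64("client_id:client_secret"). Despite the
# variable name, this is an encoding, not a hash.
message = bytes(f"{client_id}:{client_secret}", 'utf-8')
secret_hash = base64.b64encode(message).decode()
payload = {
    "grant_type": 'authorization_code',
    "client_id": client_id,
    "code": code,
    "redirect_uri": redirect_uri
}
headers = {"Content-Type": "application/x-www-form-urlencoded",
           "Authorization": f"Basic {secret_hash}"}

# params= places the payload in the URL query string of the POST.
resp = requests.post(token_url, params=payload, headers=headers)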

Upvotes: 4
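
What `requests` actually builds for `json=` versus `data=`, as an added example that is not part of the original question or answer. Cognito's token endpoint takes its parameters as `application/x-www-form-urlencoded`, so the JSON body produced by `json=` does not match the declared Content-Type. The client ID, secret, redirect URI and code are constructed placeholders, and `build_token_request`, `body_text` and `exchange_code` are hypothetical helper names.

```python
import requests

# Constructed sample values, not real credentials or a real user pool.
TOKEN_URL = "https://example.auth.us-east-1.amazoncognito.com/oauth2/token"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/callback"
AUTH_CODE = "example-authorization-code"


def build_token_request(code, as_json=False):
    """Prepare (without sending) the authorization-code exchange request."""
    fields = {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }
    # json= serializes the dict as a JSON document; data= form-encodes it.
    body_kwarg = {"json": fields} if as_json else {"data": fields}
    req = requests.Request(
        "POST",
        TOKEN_URL,
        auth=(CLIENT_ID, CLIENT_SECRET),  # requests builds the Basic header
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        **body_kwarg,
    )
    return req.prepare()


def body_text(prepared):
    """Return the prepared body as text (requests may hold str or bytes)."""
    body = prepared.body
    return body.decode("utf-8") if isinstance(body, bytes) else body


def exchange_code(code):
    """Send the form-encoded request and return the token response as a dict."""
    with requests.Session() as session:
        resp = session.send(build_token_request(code), timeout=10)
    resp.raise_for_status()
    return resp.json()  # on success: id_token, access_token, refresh_token


if __name__ == "__main__":
    print("json=:", body_text(build_token_request(AUTH_CODE, as_json=True)))
    print("data=:", body_text(build_token_request(AUTH_CODE)))
```

With `data=`, the authorization code and client ID travel in the POST body and never appear in the request URL.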
