smk081

Reputation: 1151

Does the Amazon Cognito Identity SDK for JavaScript support the Authorization Code Grant flow?

Is there any way to configure and utilize the Amazon Cognito Identity SDK for JavaScript (https://www.npmjs.com/package/amazon-cognito-identity-js) to use the Authorization Code Grant flow? It seems like it only supports Implicit Grant, indicating that you should not generate a Client Secret when creating an AppClient, and the user's credentials are exchanged directly for JWTs with an API call.

Utilizing the Amazon Cognito Hosted UI options, the redirect after successful authentication with user credentials includes the authorization code and it can be posted to a backend server/API that performs the interaction with the Token endpoint to exchange the authorization code for JWTs.

Instead of getting the user's JWTs directly from Cognito using this library/SDK, is it possible for it to just mimic the Hosted UI flow and return an authorization code?

Upvotes: 3

Views: 841

Answers (1)

smk081

Reputation: 1151

Confirmed with AWS Support - no, this is NOT possible currently. There is a feature request for this but no ETA or schedule for its release.

"Currently, it is not possible to implement oauth2 authorization code grant flow without using hosted UI for authentication. This is because there is no public API to retrieve the authorization code from Cognito and it has to be passed back to Hosted UI after successful authentication.

There is currently a Feature Request to have the ability to use authorization code grant flow without using the hosted UI."

Upvotes: 2
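The backend half of the Hosted UI flow described in the question, as an added example that is not part of the original post or of the SDK: it validates the redirect's `state`, then builds the server-to-server request to the app client's `/oauth2/token` endpoint. The function names, the `cfg` object and every concrete value (domain, client id, secret, redirect URI) are placeholders assumed for illustration.

```javascript
// Added example: backend side of the Hosted UI authorization code flow.
// Function names and the cfg shape are hypothetical; all values are placeholders.

// Constant-time string comparison for the anti-CSRF `state` value.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Pull `code` out of the Hosted UI redirect, rejecting errors and state mismatches.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error('authorization failed: ' + params.get('error'));
  if (!safeEqual(params.get('state'), expectedState)) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('no authorization code in redirect');
  return code;
}

// Build the POST to the token endpoint. The client secret travels only in the
// Authorization header of this server-to-server request, never to the browser.
function buildTokenRequest(cfg, code) {
  const basic = Buffer.from(`${cfg.clientId}:${cfg.clientSecret}`).toString('base64');
  return {
    url: `https://${cfg.domain}/oauth2/token`,
    options: {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        Authorization: `Basic ${basic}`,
      },
      body: new URLSearchParams({
        grant_type: 'authorization_code',
        client_id: cfg.clientId,
        code,
        redirect_uri: cfg.redirectUri, // must match the URI used at /oauth2/authorize
      }).toString(),
    },
  };
}

// Perform the exchange (Node 18+ global fetch); resolves to the token response JSON.
async function exchangeCode(cfg, callbackUrl, expectedState) {
  const { url, options } = buildTokenRequest(cfg, parseCallback(callbackUrl, expectedState));
  const res = await fetch(url, options);
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return res.json();
}
```

The `expectedState` value is whatever random string the backend stored in the user's session before redirecting to the Hosted UI.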
