AWS - Cognito Authentication - Curl Call - Generate Token Without CLI - No Client Secret

I have created an API Gateway and applied Cognito authentication to it. To make the API call work, I am using the AWS CLI to get a token. Here is my CLI command:

aws cognito-idp admin-initiate-auth --user-pool-id us-west-2_leb660O8L --client-id 1uk3tddpmp6olkpgo32q5sd665 --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=myusername,PASSWORD=mypassword

Now I want to use a curl call instead of this CLI call. I have found code, but all of it needs a client secret. I do not have a client secret, as my user pool app client is set to "Enable sign-in for server-based authentication".

User Pool app Client Settings

Please guide me how I can use that.

I have gone through https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html [What will be the endpoint for calling InitiateAuth or AdminInitiateAuth?] & https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

To summarise: I want to get the id_token using curl or Postman without a client secret.

Thanks in advance

ParthKansara asked Nov 13 '19 08:11



2 Answers

You can authenticate a user with the following request. This is the endpoint of the InitiateAuth request.

Hope this is useful for you.

Method: POST
Endpoint: https://cognito-idp.{REGION}.amazonaws.com/
Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth
Body (AuthFlow stays USER_PASSWORD_AUTH if you are using password auth):
{
    "AuthParameters" : {
        "USERNAME" : "YOUR_USERNAME",
        "PASSWORD" : "YOUR_PASSWORD"
    },
    "AuthFlow" : "USER_PASSWORD_AUTH",
    "ClientId" : "APP_CLIENT_ID"
}

And the response is as follows:

{
    "AuthenticationResult": {
        "AccessToken": "YOUR_ACCESS_TOKEN",
        "ExpiresIn": 3600,
        "IdToken": "YOUR_ID_TOKEN",
        "RefreshToken": "YOUR_REFRESH_TOKEN",
        "TokenType": "Bearer"
    },
    "ChallengeParameters": {}
}
junwen-k answered Oct 02 '22 01:10


Just sharing the direct curl here; it may be helpful to someone.

curl -X POST --data @user-data.json \
-H 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' \
-H 'Content-Type: application/x-amz-json-1.1' \
https://cognito-idp.<just-replace-region>.amazonaws.com/

The JSON file user-data.json:

{"AuthParameters" : {"USERNAME" : "sadfsf", "PASSWORD" : "password"}, "AuthFlow" : "USER_PASSWORD_AUTH", "ClientId" : "csdfhripnv7sq027kktf75"}

Make sure your app client does not have an app secret, or create a new app client without a secret. Also, inside the app client, enable USER_PASSWORD_AUTH.

Harsh Manvar answered Oct 02 '22 00:10
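Putting both answers together as an added example (not code from either answer or from AWS): a small Python helper that builds the same InitiateAuth request, adds SECRET_HASH only when the app client actually has a secret, and parses the response, treating a challenge reply (no AuthenticationResult) as the not-yet-authenticated case. The region, client id, credentials and sample response below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

def cognito_endpoint(region: str) -> str:
    # Same regional endpoint the curl answer posts to.
    return f"https://cognito-idp.{region}.amazonaws.com/"

def secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """SECRET_HASH = Base64(HMAC-SHA256(key=client_secret, msg=username + client_id)).
    Cognito requires it only for app clients created with a secret; an app
    client without a secret (the setup in the question) must not send it."""
    digest = hmac.new(client_secret.encode("utf-8"),
                      (username + client_id).encode("utf-8"),
                      hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")

def build_initiate_auth(region: str, client_id: str, username: str,
                        password: str, client_secret: Optional[str] = None):
    """Return (url, headers, json_body) for a USER_PASSWORD_AUTH InitiateAuth call."""
    params = {"USERNAME": username, "PASSWORD": password}
    if client_secret:
        params["SECRET_HASH"] = secret_hash(username, client_id, client_secret)
    body = {"AuthFlow": "USER_PASSWORD_AUTH", "ClientId": client_id,
            "AuthParameters": params}
    headers = {"Content-Type": "application/x-amz-json-1.1",
               "X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"}
    return cognito_endpoint(region), headers, json.dumps(body)

def extract_tokens(response_json: str) -> Optional[dict]:
    """Return the three tokens from a successful response, or None when the pool
    replied with a challenge (e.g. NEW_PASSWORD_REQUIRED) instead of tokens."""
    data = json.loads(response_json)
    result = data.get("AuthenticationResult")
    if not result:
        return None
    return {k: result[k] for k in ("IdToken", "AccessToken", "RefreshToken")}

# Constructed sample response, shaped like the one in the first answer.
SAMPLE_RESPONSE = json.dumps({
    "AuthenticationResult": {"AccessToken": "a", "ExpiresIn": 3600, "IdToken": "i",
                             "RefreshToken": "r", "TokenType": "Bearer"},
    "ChallengeParameters": {}})

if __name__ == "__main__":
    print(build_initiate_auth("us-west-2", "APP_CLIENT_ID", "alice", "pw"))
    print(extract_tokens(SAMPLE_RESPONSE))
```

Send the returned body with the returned headers as a POST to the returned URL (curl, Postman or urllib); the pool's HTTP error body will name the exact rejected parameter, e.g. a missing or unexpected SECRET_HASH.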