Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS Cognito; unauthorized_client error when hitting /oauth2/token

Tags:

Steps taken so far:

  • Set up new user pool in cognito
  • Generate an app client with no secret; let's call its id user_pool_client_id
  • Under the user pool client settings for user_pool_client_id check the "Cognito User Pool" box, add https://localhost as a callback and sign out url, check "Authorization Code Grant", "Implicit Grant" and everything under "Allowed OAuth Scopes"
  • Create a domain name; let's call it user_pool_domain

Create a new user with a username/password

Now, I can successfully go to:

https://{{user_pool_domain}}.auth.us-east-2.amazoncognito.com/oauth2/authorize?response_type=code&client_id={{user_pool_client_id}}&redirect_uri=https%3A%2F%2Flocalhost

This presents me with a login page and I am able to login as my user which returns me to https://localhost/?code={{code_uuid}}

I then try the following: curl -X POST https://{{user_pool_domain}}.auth.us-east-2.amazoncognito.com/oauth2/token -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=authorization_code&redirect_uri=https%3A%2F%2Flocalhost&code={{code_uuid}}&client_id={{user_pool_client_id}}'

However, this just returns back the following: {"error":"unauthorized_client"}

The token endpoint docs say that unauthorized_client is because "Client is not allowed for code grant flow or for refreshing tokens." which is confusing because I checked the boxes allowing the client to use the code grant flow.

like image 807
TranquilMarmot Avatar asked May 10 '18 02:05

TranquilMarmot

People also ask

Does Cognito use oauth2?

In addition to using the Amazon Cognito-specific user APIs to authenticate users, Amazon Cognito user pools also support the OAuth 2.0 authorization framework for authenticating users.

How do you authenticate with tokens with Cognito?

Authenticating with tokensWhen a user signs into your app, Amazon Cognito verifies the login information. If the login is successful, Amazon Cognito creates a session and returns an ID, access, and refresh token for the authenticated user.

How do I refresh my Cognito access token?

Initiate new refresh tokens (API)Pass REFRESH_TOKEN_AUTH for the AuthFlow parameter. The authorization parameter, AuthParameters , is a key-value map where the key is "REFRESH_TOKEN" and the value is the actual refresh token. Amazon Cognito returns new ID and access tokens after your API request passes all challenges.

What is oath2?

OAuth 2.0, which stands for “Open Authorization”, is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user.

1 Answers

So, it turns out that the user pool has to have a trailing slash (https://localhost/) and then that trailing slash has to be used in all of the callback URLs. Then it decides to work!

like image 101
TranquilMarmot Avatar answered Oct 28 '22 01:10

TranquilMarmot
Sign in to Comment

Related questions

ENOENT: no such file or directory for node_modules\jquery\dist\jquery.min.js'
org.gradle.api.UncheckedIOException: Failed to capture snapshot of input
How to mock uuid with Jest
IntelliJ Compilation Error zip END header not found
Await future for a specific time
How can I undo my last commit in Git and stash those changes instead?
What benefits does Chisel offer over classic Hardware Description Languages? [closed]
@Generated annotation using gradlew + dagger
Navigation Component: Cannot find NavController
Unsupported Modules Detected: Unfortunately you can't have non-Gradle Java modules and Android-Gradle modules in one project
TypeScript type for reduce
How to get theme color inside the widget in Flutter

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!