I'm using a Cognito user pool for securing my API Gateway. Now I would like to make requests to my API using Postman, but I need to pass in an Authorization token as the API is secured. Is there any AWS CLI command or REST API to generate auth tokens (by passing username/password)? I have searched the documentation but couldn't find any examples. Thanks for your help.
To generate the client credentials, you must first concatenate the client ID and client password, separating the values with a colon (client_ID:client_password), and then Base64 encode the entire string. Now that we have our client credentials, we can use them to request an access token from the Broker.
Amazon Cognito also has tokens that you can use to get new tokens or revoke existing tokens. Refresh a token to retrieve new ID and access tokens. Revoke a token to revoke user access that is allowed by refresh tokens. Amazon Cognito issues tokens as Base64-encoded strings.
2.1. Go to AWS Cognito service and click “Manage Identity Pools”. 2. Enter “Identity pool name”, expand the “Authentication providers” section and select “Cognito” tab. This is where the Cognito authentication provider will be registered with the Identity pool.
Initiate new refresh tokens (API): Use the API or hosted UI to initiate authentication for refresh tokens. To use the refresh token to get new ID and access tokens with the user pool API, use the AdminInitiateAuth or InitiateAuth API operations. Pass REFRESH_TOKEN_AUTH for the AuthFlow parameter.
You can do this using the following CLI commands:
Register a user
aws cognito-idp sign-up --region {your-aws-region} --client-id {your-client-id} --username {your-username} --password password123
Confirm user registration
aws cognito-idp admin-confirm-sign-up --region {your-aws-region} --user-pool-id {your-user-pool-id} --username {your-username}
Authenticate (get tokens)
aws cognito-idp admin-initiate-auth --region {your-aws-region} --cli-input-json file://auth.json
Where auth.json is:
{
  "UserPoolId": "{your-user-pool-id}",
  "ClientId": "{your-client-id}",
  "AuthFlow": "ADMIN_NO_SRP_AUTH",
  "AuthParameters": {
    "USERNAME": "{your-username}",
    "PASSWORD": "password123"
  }
}
You should get a response like this if everything is set up correctly:
{
  "AuthenticationResult": {
    "ExpiresIn": 3600,
    "IdToken": "{your-idtoken}",
    "RefreshToken": "{your-refresh-token}",
    "TokenType": "Bearer",
    "AccessToken": "{your-access-token}"
  },
  "ChallengeParameters": {}
}
Use the following command to generate the auth tokens; fill in the xxxx values appropriately based on your Cognito configuration:
aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --client-id xxxx --auth-parameters USERNAME=xxxx,PASSWORD=xxxx
Note: You can use any one username or password under the applicable Cognito user pool. The client can be found under General settings --> App client.
The AccessKeyId and SecretAccessKey are not required, as they are already defined while setting up the AWS CLI. If that is not done, use the following link to set it up first: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
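Added example (not part of the original answers): a Python helper that takes the JSON printed by admin-initiate-auth or initiate-auth, picks the ID or access token, and checks its token_use and exp claims before you paste it into the Authorization header in Postman. The sample response and tokens are constructed, the function names are hypothetical, and the decoding is for inspection only and does not verify the signature.

```python
import base64
import json
import time

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed JWT-shaped string for this demo; not a real Cognito token."""
    header = _b64url(json.dumps({"alg": "RS256"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64url(b'placeholder-signature')}"

def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))

def token_for_postman(cli_response: str, want: str = "id", now=None) -> str:
    """Return the ID or access token from initiate-auth output, or raise."""
    result = json.loads(cli_response).get("AuthenticationResult")
    if not result:  # Cognito answered with a challenge instead of tokens
        raise ValueError("no AuthenticationResult in response")
    token = result["IdToken" if want == "id" else "AccessToken"]
    claims = jwt_claims(token)
    if claims.get("token_use") != want:
        raise ValueError(f"token_use is {claims.get('token_use')!r}, wanted {want!r}")
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired; authenticate again or use the refresh token")
    return token

# Constructed sample shaped like the response shown above (all values are made up).
SAMPLE_NOW = 1_700_000_000
SAMPLE_RESPONSE = json.dumps({
    "AuthenticationResult": {
        "ExpiresIn": 3600,
        "IdToken": make_sample_token({"token_use": "id", "exp": SAMPLE_NOW + 3600}),
        "AccessToken": make_sample_token({"token_use": "access", "exp": SAMPLE_NOW + 3600}),
        "RefreshToken": "sample-refresh-token",
        "TokenType": "Bearer",
    },
    "ChallengeParameters": {},
})

if __name__ == "__main__":
    print(token_for_postman(SAMPLE_RESPONSE, "id", now=SAMPLE_NOW))
```

To use it with real output, save the CLI response to a file and pass its contents as cli_response; treat the file like a password, since it also holds the refresh token.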