How to resolve AWS Cognito SDK error: "Client <XYZ> is configured for secret but secret was not received?"

Question

I'm asking this question because I was surprised how little information I could find from Googling. However, I was able to track down what I think is the root cause. I'll share it as an answer and see if someone is able to elaborate or provide a better explanation.

So, to clarify, I'm using the AWS JavaScript SDK for Cognito. When I tried some of the standard use cases, I received the following error:

Client is configured for secret but secret was not received

What steps can I take to resolve this?

Answer 1

I heard the same issue and I have to delete App Clients. Create a new App Clients and uncheck Generate client secret. Everything worked as expected in my code.

Answer 2

If you are not using an SDK to communicate with Cognito, you can include "SECRET_HASH" in "AUTH_PARAMETERS". To compute the "SECRET_HASH", please refer to AWS Docs:

https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash

Here is an example of how to log in users using Python using a client that has both a client ID and client secret:

import json
import requests
import hmac
import hashlib
import base64

client_id = ""
client_secret = ""
cognito_url = ""
username = ""
password = ""

secret_hash = base64.b64encode(hmac.new(bytes(client_secret, 'utf-8'), bytes(
    username + client_id, 'utf-8'), digestmod=hashlib.sha256).digest()).decode()

reqData = {
    "AuthParameters": {
        "USERNAME": username,
        "PASSWORD": password,
        "SECRET_HASH": secret_hash
    },
    "AuthFlow": "USER_PASSWORD_AUTH",
    "ClientId": client_id
}

headers = {
    "X-Amz-Target": 'AWSCognitoIdentityProviderService.InitiateAuth',
    "Content-Type": 'application/x-amz-json-1.1'
}

jsonResponse = requests.post(
    url=cognito_url, data=json.dumps(reqData), headers=headers).json()
    
print(jsonResponse)