Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to resolve AWS Cognito SDK error: "Client <XYZ> is configured for secret but secret was not received?"

I'm asking this question because I was surprised how little information I could find from Googling. However, I was able to track down what I think is the root cause. I'll share it as an answer and see if someone is able to elaborate or provide a better explanation.

So, to clarify, I'm using the AWS JavaScript SDK for Cognito. When I tried some of the standard use cases, I received the following error:

Client is configured for secret but secret was not received

What steps can I take to resolve this?

like image 573
Mackie Messer Avatar asked Aug 31 '25 10:08

Mackie Messer


2 Answers

I heard the same issue and I have to delete App Clients. Create a new App Clients and uncheck Generate client secret. Everything worked as expected in my code. enter image description here

like image 134
MacDonald O.E Avatar answered Sep 03 '25 01:09

MacDonald O.E


If you are not using an SDK to communicate with Cognito, you can include "SECRET_HASH" in "AUTH_PARAMETERS". To compute the "SECRET_HASH", please refer to AWS Docs:

https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash

Here is an example of how to log in users using Python using a client that has both a client ID and client secret:

import json
import requests
import hmac
import hashlib
import base64

client_id = ""
client_secret = ""
cognito_url = ""
username = ""
password = ""

secret_hash = base64.b64encode(hmac.new(bytes(client_secret, 'utf-8'), bytes(
    username + client_id, 'utf-8'), digestmod=hashlib.sha256).digest()).decode()

reqData = {
    "AuthParameters": {
        "USERNAME": username,
        "PASSWORD": password,
        "SECRET_HASH": secret_hash
    },
    "AuthFlow": "USER_PASSWORD_AUTH",
    "ClientId": client_id
}

headers = {
    "X-Amz-Target": 'AWSCognitoIdentityProviderService.InitiateAuth',
    "Content-Type": 'application/x-amz-json-1.1'
}

jsonResponse = requests.post(
    url=cognito_url, data=json.dumps(reqData), headers=headers).json()
    
print(jsonResponse)
like image 44
Adriatik Avatar answered Sep 03 '25 01:09

Adriatik