Menu
How to get jwt token in single step(api call) from aws cognito oauth2/token endpoint passing username and password
curl --location --request POST 'https://xxx.auth.us-east-2.amazoncognito.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic a......k' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=t34...nu'
--Authorization base64ecoded username:password
Response- "error": "invalid_client"
App client settings :
Allowed OAuth Flows : Authorization code grant, Implicit Grant
Allowed OAuth scope : email , openid
App clients : ALLOW_USER_PASSWORD_AUTH
I tried oauth2/authorize too but getting html page in response
454
There's no need to add the Authorization header. Instead, use the code you see in the URL. This worked for me.
curl --location --request POST 'https://xxx.auth.us-east-2.amazoncognito.com/oauth2/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'grant_type=client_credentials'
--data-urlencode 'client_id=t34...nu'
--data-urlencode 'code=afa78ac6-..-b8dd-5b'
--data-urlencode 'redirect_uri=path'
answered Dec 13 '25 11:12
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With