debugging 'invalid_request' on TOKEN endpoint

0

I have set up a new User Pool with an App Client:

  • no App client secret
  • Auth Flows Configuration ALLOW_USER_PASSWORD_AUTH and ALLOW_REFRESH_TOKEN_AUTH

Under App Integration I have:

  • enabled Cognito User Pool
  • provided Callback URL(s)
  • enabled Authorization code grant
  • Allowed OAuth Scopes: email, openid

In my app I call the LOGIN endpoint:
https://myapp.auth.ap-southeast-2.amazoncognito.com/login?client_id=${AUTH_CLIENT_ID}&state=${state}&response_type=code&redirect_uri=${AUTH_CALLBACK_URI}

When I get back the code from the redirect I call the TOKEN endpoint:

const config = {  
    headers: {  
        'Content-Type': 'application/x-www-form-urlencoded'  
    }  
}  

const data = {  
    "grant_type": "authorization_code",  
    "client_id": AUTH_CLIENT_ID,  
    "code": code,  
    "redirect_uri": AUTH_CALLBACK_URI  
}  
   
const response = await axios.post('https://hilltop-dev.auth.ap-southeast-2.amazoncognito.com/oauth2/token', data, config)  

From the above request, I get a 400 invalid_request response with no details.

There are no logs I can find for Cognito with any more details.
There are no CloudTrail events with any more details.

As far as I can tell after checking several times the request is valid.

I've tried setting up the same app but with a client_secret and an Authorization: Basic base64 header, but I get the same invalid_request response.

What's wrong with this request? How do I debug this request without any info?

asked 3 years ago · 4025 views
1 answer
0

Figured out the POST body isn't JSON but in query-string format:

const crypto = require('crypto')  
const axios = require('axios')  

// redirect the user to this URI  
function getAuthUri() {  
	const state = crypto.randomBytes(20).toString('hex')  
	// redirect_uri is a full URL, so it has to be percent-encoded inside the query string  
	const uri = `${AUTH_DOMAIN}/login?client_id=${AUTH_CLIENT_ID}&state=${state}&response_type=code&redirect_uri=${encodeURIComponent(AUTH_CALLBACK_URI)}`  
	return uri  
}  

// after extracting the code from the authentication redirect (to AUTH_CALLBACK_URI), use this to get the access token  
async function getAccessToken(code) {  
	const config = {  
		headers: {  
			// Basic auth is only needed when the app client has a secret  
			'Authorization': 'Basic ' + Buffer.from(AUTH_CLIENT_ID + ':' + AUTH_CLIENT_SECRET).toString('base64'),  
			'Content-Type': 'application/x-www-form-urlencoded'  
		}  
	}  

	// the TOKEN endpoint expects a form-encoded body, not JSON; URLSearchParams also encodes the values  
	const body = new URLSearchParams({  
		grant_type: 'authorization_code',  
		client_id: AUTH_CLIENT_ID,  
		code: code,  
		redirect_uri: AUTH_CALLBACK_URI  
	}).toString()  

	try {  
		const response = await axios.post(`${AUTH_DOMAIN}/oauth2/token`, body, config)  
		return response.data.access_token  
	}  
	catch (err) {  
		// err.response is undefined on network errors, so guard before reading the error body  
		console.log(err.response?.data?.error ?? err.message)  
		throw err  
	}  
}  

// use the access token  
async function getUser(accessToken) {  
	const config = {  
		headers: {  
			Authorization: `Bearer ${accessToken}`  
		}  
	}  

	const response = await axios.get(`${AUTH_DOMAIN}/oauth2/userInfo`, config)  
	const user = response.data  
	return user  
}
answered 3 years ago
  • I have encountered the same invalid_request error and applied your answer, but I am still getting the same error.
