debugging 'invalid_request' on TOKEN endpoint

I have set up a new User Pool with an App Client:

  • no App client secret
  • Auth Flows Configuration ALLOW_USER_PASSWORD_AUTH and ALLOW_REFRESH_TOKEN_AUTH

Under App Integration I have:

  • enabled Cognito User Pool
  • provided Callback URL(s)
  • enabled Authorization code grant
  • Allowed OAuth Scopes: email, openid

In my app I call the LOGIN endpoint:
https://myapp.auth.ap-southeast-2.amazoncognito.com/login?client_id=${AUTH_CLIENT_ID}&state=${state}&response_type=code&redirect_uri=${AUTH_CALLBACK_URI}

When I get back the code from the redirect I call the TOKEN endpoint:

const axios = require('axios')

const config = {
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
    }
}

// request parameters for the authorization_code grant
const data = {
    "grant_type": "authorization_code",
    "client_id": AUTH_CLIENT_ID,
    "code": code,
    "redirect_uri": AUTH_CALLBACK_URI
}

const response = await axios.post('https://hilltop-dev.auth.ap-southeast-2.amazoncognito.com/oauth2/token', data, config)

From the above request, I get a 400 invalid_request response with no details.

There are no logs I can find for Cognito with any more details.
There are no CloudTrail events with any more details.

As far as I can tell after checking several times the request is valid.

I've tried setting up the same app but with a client_secret and an `Authorization: Basic <base64>` header, but I get the same invalid_request response.

What's wrong with this request? How do I debug this request without any info?

posted 3 years ago, 4023 views
1 Answer

Figured out the POST body isn't JSON but query-string (form-encoded) format:

const crypto = require('crypto')
const axios = require('axios')

// redirect the user to this URI
function getAuthUri() {
	// random state value; keep it (e.g. in the session) so the callback handler can compare it
	const state = crypto.randomBytes(20).toString('hex')
	const uri = `${AUTH_DOMAIN}/login?client_id=${AUTH_CLIENT_ID}&state=${state}&response_type=code&redirect_uri=${encodeURIComponent(AUTH_CALLBACK_URI)}`
	return uri
}

// after extracting the code from the authentication redirect (to AUTH_CALLBACK_URI), use this to get the access token
async function getAccessToken(code) {
	const config = {
		headers: {
			// client credentials go in a Basic header; omit it for an app client that has no secret
			'Authorization': 'Basic ' + Buffer.from(AUTH_CLIENT_ID + ':' + AUTH_CLIENT_SECRET).toString('base64'),
			'Content-Type': 'application/x-www-form-urlencoded'
		}
	}

	// the body is a form-encoded string, not a JSON object; redirect_uri must match the one used at /login
	const body = `grant_type=authorization_code&client_id=${AUTH_CLIENT_ID}&code=${encodeURIComponent(code)}&redirect_uri=${encodeURIComponent(AUTH_CALLBACK_URI)}`

	try {
		const response = await axios.post(`${AUTH_DOMAIN}/oauth2/token`, body, config)
		return response.data.access_token
	}
	catch (err) {
		// Cognito returns { "error": "invalid_request" } on a 400; err.response is undefined on a network error
		console.log(err.response ? err.response.data.error : err.message)
		throw err
	}
}

// use the access token
async function getUser(accessToken) {
	const config = {
		headers: {
			Authorization: `Bearer ${accessToken}`
		}
	}

	const response = await axios.get(`${AUTH_DOMAIN}/oauth2/userInfo`, config)
	const user = response.data
	return user
}
answered 3 years ago
  • I have encountered the same invalid_request error and applied your answer, but I am still getting the same error.
