Trouble getting access to API Gateway with Cognito UserPool

0

Currently I am confused about accessing the API Gateway with a Cognito UserPool. In my mind I have to get an access token from Cognito to get access to the API Gateway. For this I use:

curl -X POST -H "content-type: application/x-www-form-urlencoded" --data grant_type=client_credentials --data Authorization="Basic mybase64" --data client_id=<cognito clientid> --data scope=openid https://<myurl>auth.eu-central-1.amazoncognito.com/oauth2/token

Also tried

curl -X POST -H "content-type: application/x-www-form-urlencoded" -H "Authorization=Basic mybase64" --data grant_type=client_credentials  --data client_id=<ognito clientid> --data scope=openid https://<myurl>.auth.eu-central-1.amazoncognito.com/oauth2/token

But whatever I tried, I get an {"error":"invalid_client"} back. What is a working curl method to get the Bearer token for API access?

2 Answers
1

You can use the following curl command to exchange an authorization code for tokens:

curl -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Authorization: Basic <your_base_64>" \
  --data "grant_type=client_credentials&client_id=<cognito_client_id>&scope=openid" \
  "https://<your_domain>.auth.eu-central-1.amazoncognito.com/oauth2/token"

Replace the placeholders with your actual values. For more details, you can refer to the Cognito Token Endpoint.

Expected result:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token":"eyJra1example",
  "token_type":"Bearer",
  "expires_in":3600
}
Expert
answered 2 months ago
AWS
Expert
reviewed 2 months ago
  • For me I still get the error {"error":"invalid_client"}. I rechecked all the data again, like the base64 string. This is the user inside the user pool, login and password, this is confirmed. The Cognito URL is good and the Cognito client_id is the one I can find on the App client page under Client ID (above Client secret).

0

For me I still get the error {"error":"invalid_client"}. I rechecked all the data again, like the base64 string. This is the user inside the user pool, login and password, this is confirmed. The Cognito URL is good and the Cognito client_id is the one I can find on the App client page under Client ID (above Client secret).

After some reading I tried to use, for Authorization: Basic <your_base_64>, the "clientid:clientsecret" from the Cognito client (base64). Now I get an {"error":"invalid_grant"}.

Sorry, but I read that an "Expert" has approved the above answer but nothing works in my try-outs. Isn't there a clear, understandable and working sample somewhere in the AWS world?

Ognif
answered 2 months ago
  • Hey Ognif, the Authorization header should be in the format Basic base64(client_id:client_secret). Try to store the variable in an environment variable and then run the command, for example:

    CLIENT_ID="<your_client_id>"
    CLIENT_SECRET="<your_client_secret>"
    COGNITO_DOMAIN="<your_cognito_domain>"
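    # printf avoids a trailing newline; tr strips the line wrapping base64 applies to long input
    BASE64_AUTH=$(printf '%s' "$CLIENT_ID:$CLIENT_SECRET" | base64 | tr -d '\n')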
    
    curl -X POST \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -H "Authorization: Basic $BASE64_AUTH" \
      --data "grant_type=client_credentials&client_id=$CLIENT_ID&scope=openid" \
      "https://$COGNITO_DOMAIN.auth.eu-central-1.amazoncognito.com/oauth2/token"

    Make sure you have the correct grant_type grant_type=client_credentials
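
A local pre-flight check for the mistakes discussed in this thread (Authorization passed with --data, '=' instead of ':' after the header name, a Basic value that does not decode to client_id:client_secret), as an added example that is not part of any post above. The function names are hypothetical, the sample values are constructed, and `base64 -d` assumes GNU coreutils or a compatible base64.

```bash
# Added example: helper names are hypothetical, sample values are constructed.

# "Basic base64(client_id:client_secret)" on one line: printf avoids the trailing
# newline, tr removes the line wrapping some base64 tools apply to long output.
basic_auth_value() {
  printf 'Basic %s' "$(printf '%s' "$1:$2" | base64 | tr -d '\n')"
}

# Check one curl -H argument against the mistakes seen in this thread.
# Usage: check_auth_header "<header>" "<client_id>"; prints a reason, returns 0 or 1.
check_auth_header() {
  header=$1 client_id=$2
  case "$header" in
    "Authorization: Basic "*) value=${header#Authorization: Basic } ;;
    Authorization=*) echo "header name must be followed by ':' not '='"; return 1 ;;
    *) echo "not an 'Authorization: Basic' header"; return 1 ;;
  esac
  decoded=$(printf '%s' "$value" | base64 -d 2>/dev/null) ||
    { echo "value is not valid base64"; return 1; }
  case "$decoded" in
    "$client_id":?*) echo "ok" ;;
    *) echo "decoded value is not <client_id>:<client_secret>"; return 1 ;;
  esac
}

# Check the form body: Authorization is an HTTP header, so sending it with
# --data leaves the request without client authentication.
check_form_body() {
  case "&$1&" in
    *"&Authorization="*) echo "Authorization sent as a form field"; return 1 ;;
    *"&grant_type=client_credentials&"*) echo "ok" ;;
    *) echo "grant_type=client_credentials missing"; return 1 ;;
  esac
}
```

Run both checks on the exact strings you pass to curl before sending the request, so the client secret is only ever sent in a well-formed header.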
