Java, JS, Android/Ios example about PKCE code grant flow extension

0

Hi guys,

I am researching topics about Cognito. I know how works the Authorization Code Grant Flow with Cognito. But I'm interested on how works the PKCE extension, more specifically how can I develop this extension with a Java example, or it's integrated with the Cognito SDK for Java ?, I would also appreciate other examples in Javascript and/or Android/IOS examples about PKCE. Thanks in advance !

Greetings.

asked 2 years ago353 views
2 Answers
1
Accepted Answer

Hi,

I understand that you would like to have Cognito work with PKCE and wanted to see if there was any examples of how to achieve this.

In order to have PKCE work with the authorization code grant flow you would need to pass the code-challenge-method as well as the code-challenge parameter in the GET request for the authorization endpoint and the code-verifier parameter in the POST request to the token endpoint. I am attaching the following documentation that goes over the authorization endpoint (1) as well as the token endpoint (2). These both have examples of using PKCE. The code-verifier would be a high-entropy cryptographic random STRING using the unreserved characters [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~". The code_challenge would be a SHA256 hash of the code_verifier that is then base64 URL encoded. The code_challenge_method would always be S256 as this is the only method Cognito supports.

I hope you have a great rest of your day!

References

(1) https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html

(2) https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

AWS
SUPPORT ENGINEER
answered 2 years ago
0

Hi Patrick_V,

Thanks for the reply, just what I was looking for, I will try the code from you links through a Java application, I think I will do it trying with Java SDK. Any extra information would be appreciated, thanks again !

Have a nice day. David C. Software Engineer

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions