1 Answer
0
Hi,
you can use the OAuth2 Client Credential flow with Amazon Cognito, as mentioned in the documentation, and you can use mutual X509 authentication with both ALB and Amazon API Gateway. Using mutual TLS for app-to-app authentication would be the recommended way if supported by both parties.
If none of these options are satisfactory, you could use Lambda Authorizers with API Gateway.
Hi! Thanks for answering. From what I've learned, Cognito always redirects to a web browser for signing in. Is there a way of getting a token by using basic auth against a token endpoint? I see in the documentation that client ID and secret can be added to the token endpoint, but it can't be necessary to create a new app for each customer in Cognito? If I have 100 customers that will call the same endpoint and would like to authenticate without browsers (e.g. by integrating their ERP systems against our solution), how can that be done?
Still, I really don't understand why AWS doesn't support basic client ID and client secret like Azure does?
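One way to implement the Lambda authorizer option from the answer for callers that send a plain client ID and client secret, as an added example that is not part of the original thread or AWS's own code: a TOKEN-type API Gateway authorizer that checks an HTTP Basic header value against stored secret hashes. The client registry, its IDs and secrets, and the `authenticate` helper are constructed assumptions for illustration.

```python
import base64
import hashlib
import hmac


def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


# Constructed sample registry: client_id -> (salt, PBKDF2 hash of the secret).
# Assumption: a real deployment loads this from a datastore, never from source.
_SALT = b"constructed-salt"
CLIENTS = {
    "erp-customer-001": (_SALT, _hash("constructed-secret-1", _SALT)),
    "erp-customer-002": (_SALT, _hash("constructed-secret-2", _SALT)),
}
# Dummy entry so unknown client IDs cost the same hashing work as known ones.
_DUMMY = (_SALT, _hash("unused", _SALT))


def authenticate(authorization: str):
    """Return the client_id for a valid 'Basic <base64>' value, else None."""
    scheme, _, encoded = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        return None
    salt, expected = CLIENTS.get(client_id, _DUMMY)
    # Constant-time comparison; the membership check rejects the dummy entry.
    ok = hmac.compare_digest(_hash(secret, salt), expected)
    return client_id if ok and client_id in CLIENTS else None


def handler(event, context=None):
    """TOKEN-type Lambda authorizer: allow the called method for known clients."""
    client_id = authenticate(event.get("authorizationToken", ""))
    if client_id is None:
        # API Gateway maps this exact message to a 401 response.
        raise Exception("Unauthorized")
    statement = {"Action": "execute-api:Invoke", "Effect": "Allow",
                 "Resource": event["methodArn"]}
    return {"principalId": client_id,
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}}
```

The returned `principalId` identifies the calling customer to the backend, so a single API can serve many customers without a separate app client per caller.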