"error": "The security token included in the request is invalid."

0

const AWS = require("aws-sdk"); const { CognitoIdentityProvider, AdminCreateUserCommand, CreateUserPoolClientCommand, ListUsersCommand, AdminSetUserPasswordCommand, InitiateAuthCommand, } = require("@aws-sdk/client-cognito-identity-provider"); const dotenv = require("dotenv"); const crypto = require('crypto');

dotenv.config();

const AWS_COGNITO_KEY = process.env.ACCESS_KEY_ID; const AWS_COGNITO_SECRET = process.env.SECRET_ACCESS_KEY; const COGNITO_REGION = process.env.COGNITO_REGION;

AWS.config.update({ accessKeyId: AWS_COGNITO_KEY, secretAccessKey: AWS_COGNITO_SECRET, region: COGNITO_REGION, });

const cognitoISP = new CognitoIdentityProvider({ region: COGNITO_REGION }); const userPoolConfig = { Policies: { PasswordPolicy: { MinimumLength: 8, RequireUppercase: true, RequireLowercase: true, RequireNumbers: true, RequireSymbols: true, TemporaryPasswordValidityDays: 7, }, }, UsernameAttributes: ['email'], UsernameConfiguration: { CaseSensitive: false, }, DeletionProtection: 'ACTIVE', MfaConfiguration: 'OFF', AdminCreateUserConfig: { AllowAdminCreateUserOnly: true, }, EmailConfiguration: { EmailSendingAccount: 'COGNITO_DEFAULT', // Disable automatic email sending or 'DEVELOPER', with ARN SourceArn: 'your-source-arn' // SourceArn: 'arn:aws:ses:ap-south-1:929476570592:identity/dummy@example.com' }, Schema: [ { AttributeDataType: 'String', DeveloperOnlyAttribute: false, Mutable: false, Name: 'sub', Required: true, StringAttributeConstraints: { MaxLength: '200', MinLength: '1', }, }, { AttributeDataType: 'String', DeveloperOnlyAttribute: false, Mutable: true, Name: 'name', Required: false, StringAttributeConstraints: { MaxLength: '35', MinLength: '0', }, }, { AttributeDataType: 'String', DeveloperOnlyAttribute: false, Mutable: true, Name: 'email', Required: false, StringAttributeConstraints: { MaxLength: '200', MinLength: '0', }, }, { AttributeDataType: 'String', DeveloperOnlyAttribute: false, Mutable: true, Name: 'phone_number', Required: false, StringAttributeConstraints: { MaxLength: '2048', MinLength: '0', }, }, // Add more custom attributes if needed ], UserPoolTags: { // You can add tags here if needed }, UserPoolAddOns: { AdvancedSecurityMode: 'ENFORCED', // Enable token revocation and prevent user existence errors }, };

module.exports.createClientPool = async (params) => { return new Promise(async (resolve, reject) => { try { let userPoolDetails = await createClientPool(params.poolName);

  const appClientParams = {
    UserPoolId: userPoolDetails.UserPool.Id,
    ClientName: params.client_name,
    GenerateSecret: true
  }

  let userPoolClientDetails = await createUserPoolClient(appClientParams);

  let poolDetails = {
    pool_id: userPoolClientDetails.UserPoolClient.UserPoolId,
    pool_name: userPoolDetails.UserPool.Name,
    client_name: userPoolClientDetails.UserPoolClient.ClientName,
    client_id: userPoolClientDetails.UserPoolClient.ClientId,
    client_secret: userPoolClientDetails.UserPoolClient.ClientSecret,
    pool_created_at: userPoolDetails.UserPool.CreationDate,
    pool_modified_at: userPoolDetails.UserPool.LastModifiedDate,
  }

  resolve(poolDetails);
} catch (error) {
  reject(error);
}

}); }

module.exports.createUserCognitoProfile = async (params) => { return new Promise(async (resolve, reject) => { try { const data = await cognitoISP.send(new AdminCreateUserCommand(params)); resolve(data); } catch (error) { console.error('Error signing up:', error); reject(error); } }); }

module.exports.getUserCognitoProfileDetails = async (checkPayload) => { return new Promise(async (resolve, reject) => { try { const data = await cognitoISP.send(new ListUsersCommand(checkPayload));

  if (data && data.Users && data.Users.length > 0) {
    console.log('User details:', data.Users);
    resolve(data);
  } else {
    reject({ error: 'User not found' });
  }
} catch (error) {
  console.error('Error fetching user details:', error);
  reject(error);
}

}); };

module.exports.generateResetPassword = async (payload) => { return new Promise(async (resolve, reject) => { try { const data = await cognitoISP.send(new AdminSetUserPasswordCommand(payload)); resolve(data); } catch (error) { reject(error); } }); };

module.exports.signIn = async (payload) => { return new Promise(async (resolve, reject) => { const secretHash = generateSecretHash(payload.aws_client_id, payload.aws_client_secret, payload.username);

const params = {
  AuthFlow: process.env.AUTH_FLOW,
  ClientId: payload.aws_client_id,
  AuthParameters: {
    USERNAME: payload.username,
    PASSWORD: payload.password,
    SECRET_HASH: secretHash,
  },
};

try {
  const data = await cognitoISP.send(new InitiateAuthCommand(params));
  resolve(data);
} catch (error) {
  reject(error);
}

}); };

function generateSecretHash(CLIENT_ID, CLIENT_SECRET, username) { const hmac = crypto.createHmac("sha256", CLIENT_SECRET); hmac.update(username + CLIENT_ID); return hmac.digest("base64"); }

function createClientPool(poolName) { return new Promise((resolve, reject) => { userPoolConfig.PoolName = poolName; cognitoISP.send(new AdminCreateUserCommand(userPoolConfig), (error, data) => { if (error) { console.error('Error creating user pool:', error); reject(error); } resolve(data); }); }); }

function createUserPoolClient(appClientParams) { return new Promise((resolve, reject) => { cognitoISP.send(new CreateUserPoolClientCommand(appClientParams), (error, data) => { if (error) { console.error('Error creating app client:', error); reject(error); } resolve(data); }); }); }

1 Answer
0
Accepted Answer

Based on the information you have provided, it is difficult to answer your question. Still trying to provide some hints:

  • In most cases, this error means that your access key and/or access key ID are invalid, see here
  • You might find additional valuable information in the following Github issue report
profile pictureAWS
Michael
answered 3 months ago
  • Thanks Michael, I had found the solution and it was related to AWS IAM credentials

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions