You can use the following curl command to exchange an authorization code for tokens:

    curl -X POST \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -H "Authorization: Basic <your_base_64>" \
      --data "grant_type=client_credentials&client_id=<cognito_client_id>&scope=openid" \
      "https://<your_domain>.auth.eu-central-1.amazoncognito.com/oauth2/token"

Replace the placeholders with your actual values. For more details, you can refer to the Cognito Token Endpoint.

Expected result:

    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "access_token":"eyJra1example",
      "token_type":"Bearer",
      "expires_in":3600
    }
For me I still get the error {"error":"invalid_client"}. I rechecked all the data again. Like base64 string, this is the user inside the user pool, login and password, this is confirmed. The Cognito URL is good and the Cognito client_id is the one I can find on the App client page under Client ID (above Client Secret).

After some reading I tried to use for Authorization: Basic <your_base_64> the "clientid:clientsecret" from the Cognito client (base64); now I get an {"error":"invalid_grant"}.

Sorry, but I read that an "Expert" has approved the above answer but nothing works in my tryouts. Isn't there a clear, understandable and working sample somewhere in the AWS world?
Hey Ognif, the Authorization header should be in the format Basic base64(client_id:client_secret). Try to store the variable in an environment variable and then run the command, for example:

    CLIENT_ID="<your_client_id>"
    CLIENT_SECRET="<your_client_secret>"
    COGNITO_DOMAIN="<your_cognito_domain>"
    # printf adds no trailing newline; tr removes the line break that
    # GNU base64 inserts after 76 output characters.
    BASE64_AUTH=$(printf '%s' "$CLIENT_ID:$CLIENT_SECRET" | base64 | tr -d '\n')
    curl -X POST \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -H "Authorization: Basic $BASE64_AUTH" \
      --data "grant_type=client_credentials&client_id=$CLIENT_ID&scope=openid" \
      "https://${COGNITO_DOMAIN}.auth.eu-central-1.amazoncognito.com/oauth2/token"

Make sure you have the correct grant_type: grant_type=client_credentials
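A local check for the Authorization value discussed in this thread, as an added example that is not part of any post above or of AWS documentation. The function names `basic_auth_value` and `check_basic_auth` are hypothetical, the client id and secret are constructed samples, and a `base64` that accepts `-d` is assumed.

```shell
# Added example. The client id and secret below are constructed, not real.
NL='
'

# Value for "Authorization: Basic <value>". printf adds no trailing newline;
# tr removes the line break GNU base64 inserts after 76 output characters.
basic_auth_value() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a Basic value and name the first problem found.
# $1 = header value, $2 = expected app client id.
# Prints one word and returns 0 only for "ok".
check_basic_auth() {
  case "$1" in
    *"$NL"*|*" "*) echo "wrapped-or-spaced"; return 1 ;;
  esac
  # Append "x" so command substitution cannot hide a trailing newline.
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null && printf x) ||
    { echo "not-base64"; return 1; }
  decoded=${decoded%x}
  case "$decoded" in
    *"$NL") echo "trailing-newline"; return 1 ;;
    *:*) ;;
    *) echo "missing-colon"; return 1 ;;
  esac
  if [ "${decoded%%:*}" != "$2" ]; then
    echo "client-id-mismatch"; return 1
  fi
  if [ -z "${decoded#*:}" ]; then
    echo "empty-secret"; return 1
  fi
  echo "ok"
}

# Constructed sample values, long enough that GNU base64 would wrap them.
SAMPLE_ID="exampleclientid0123456789a"
SAMPLE_SECRET="examplesecretexamplesecretexamplesecretexamplesecret"
check_basic_auth "$(basic_auth_value "$SAMPLE_ID" "$SAMPLE_SECRET")" "$SAMPLE_ID"
```

Running the check on the value you are about to send shows whether it decodes to the app client id and secret before the token endpoint ever sees it.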