getting 400 Bad Request - access token

0

Hello,

the topic is Exchanging Client Credentials for an Access Token

I keep failing with 400 Bad Request. I was trying various things in the request structure, but it doesn't help. Not sure where the problem in the syntax is.

Two examples:


POST /oauth2/token HTTP/1.1
Host: coloman-test.auth.eu-central-1.amazoncognito.com
Authorization: Basic Nm43azF0Njc4bXRyazJ2NTBxNzI4dnJ2ZXQ6dmRtYjZhcmRlZDJuajZtdDg4Y2V1bmY1MXNsdXZnaXRobnZnZDk0MTI4NXFsNDF0a2xz
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&
scope=cdrs/producer.all

this at least returned {"error":"invalid_request"} in the response and also the request_id: x-amz-cognito-request-id: 16aa5385-bd05-4cce-8950-0fa4742d9745

When I try the same syntax like in the documentation:

POST https://coloman-test.auth.eu-central-1.amazoncognito.com/oauth2/token >

Content-Type='application/x-www-form-urlencoded'&

Authorization=Basic Nm43azF0Njc4bXRyazJ2NTBxNzI4dnJ2ZXQ6dmRtYjZhcmRlZDJuajZtdDg4Y2V1bmY1MXNsdXZnaXRobnZnZDk0MTI4NXFsNDF0a2xz

grant_type=client_credentials&
scope=cdrs/producer.all

then, I just receive the body without the header containing the request_id:

<head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> </body> </html>

Can someone help, please?

Regards,

Igor

  • Tried with Postman, no problem there and it works, but in the code I am using socket communication, thus every byte has to be correct. I also tried it this way, as Postman displays the form data in raw form like this:

    grant_type=client_credentials&scope=cdrs%2Fproducer.all

    In Postman it shows this part as the body, but putting these into body tags didn't help either.

iec
asked a year ago · 629 views
1 Answer
0

Hello Igor, thank you for reaching out! It seems like you’re getting a 400 Bad Request when trying to exchange Client Credentials for an Access Token using Amazon Cognito. From the documentation, you have this part:

grant_type=client_credentials& scope=cdrs/producer.all

But I have noticed you are getting the separator “/” replaced by “%2F” in your Postman raw data:

grant_type=client_credentials&scope=cdrs%2Fproducer.all

In fact, the “/” is a separator in your case and since every byte has to be correct for socket communication (as you mentioned), the issue is getting the correct syntax, i.e., the “/” as a separator. With URL encoding, the “%2F” becomes an ordinary character that simply represents the "/" character in an element of your URL, not a separator. To solve this, you would need to use a parameter for your scope value (i.e., scope = x and x = "cdrs/producer.all"), and then explicitly tell the browser not to decode it.

Another thing to review is your app configuration when exchanging your authorization code for a token. You are missing the client_id and the code as well as the redirect_uri. Here is a sample from the documentation that will help you solve that:

POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token& Content-Type='application/x-www-form-urlencoded'& Authorization=Basic ZGpjOTh1M2ppZWRtaTI4M2V1OTI4OmFiY2RlZjAxMjM0NTY3ODkw

                        grant_type=authorization_code&
                        client_id=1example23456789&
                        code=AUTHORIZATION_CODE&
                        redirect_uri=com.myclientapp://myclient/redirect

You can find more details here: https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

Here is another relevant documentation: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html

Please feel free to reach out if you need any help or further assistance!

answered 7 months ago
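
For the socket case described in the question, an added example (not from the original posts or the AWS documentation) that builds the client_credentials request byte for byte and lints a hand-built request for HTTP framing mistakes. The host, client id, secret and function names are constructed placeholders, and that these framing points explain the 400 in the question is an assumption.

```python
import base64
from urllib.parse import urlencode

def build_token_request(host, client_id, client_secret, scope):
    """Return the exact bytes of a client_credentials token request."""
    # Form body: a single line, pairs joined by '&', values percent-encoded
    # ('/' becomes %2F, the same body Postman shows in its raw view).
    body = urlencode({"grant_type": "client_credentials", "scope": scope}).encode("ascii")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    head = [
        "POST /oauth2/token HTTP/1.1",
        f"Host: {host}",
        f"Authorization: Basic {basic}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",
        "Connection: close",
    ]
    # Every header line ends in CRLF; one empty line separates headers from body.
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body

def lint_raw_request(raw):
    """Return a list of framing problems found in a hand-built request."""
    problems = []
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no CRLF CRLF between headers and body"]
    if b"\n" in head.replace(b"\r\n", b""):
        problems.append("bare LF in header section")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    length = headers.get(b"content-length")
    if length is None:
        problems.append("missing Content-Length")
    elif not length.isdigit() or int(length) != len(body):
        problems.append("Content-Length does not match body size")
    if any(c in body for c in b"\r\n "):
        problems.append("whitespace or line break inside form body")
    return problems

# Constructed sample: parameters split over two lines, no Content-Length.
BAD = (b"POST /oauth2/token HTTP/1.1\r\nHost: auth.example.invalid\r\n"
       b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
       b"grant_type=client_credentials&\r\nscope=cdrs/producer.all")
if __name__ == "__main__":
    print(lint_raw_request(BAD))
    print(build_token_request("auth.example.invalid", "example-id", "example-secret", "cdrs/producer.all"))
```

The bytes returned by `build_token_request` are what would be written to a TLS-wrapped socket on port 443; the token endpoint is HTTPS only.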
