- Newest
- Most votes
- Most comments
Hello Igor, thank you for reaching out! It seems like you’re getting a 400 Bad Request when trying to exchange Client Credentials for an Access Token using Amazon Cognito. From the documention, you have this part:
grant_type=client_credentials& scope=cdrs/producer.all
But, I have noticed you are getting the separator “/” replaced by “%2F” in your Postam raw data:
grant_type=client_credentials&scope=cdrs%2Fproducer.all
In fact, the “/” is a separator in your case and since every byte as to be correct for socket communication (as you mentionned), the issue is getting the correct syntax i.e., the “/” as a separator. With URL encoding, the “%2F” becomes an ordinary character that simply represents "/" character in element of your url, not a separator. To solve this, you would need to use a parameter for your scope value (i.e., scope = x and x = "cdrs/producer.all"), and then explicitly tell the browser not to decode it.
Another thing to review is your app configuration when exchanging your authorization code for token. You are missing the client_id and the code as well as the redirect_uri. Here a sample from the documention that will help you solve that:
POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token& Content-Type='application/x-www-form-urlencoded'& Authorization=Basic ZGpjOTh1M2ppZWRtaTI4M2V1OTI4OmFiY2RlZjAxMjM0NTY3ODkw
grant_type=authorization_code&
client_id=1example23456789&
code=AUTHORIZATION_CODE&
redirect_uri=com.myclientapp://myclient/redirect
You can find more details here: https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
Here is another relevant documentation: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
Please feel free to reach out if you need any help or further assistance !
Relevant content
- asked 10 months ago
- asked 2 months ago
- asked 3 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Tried with postman, no problem there and it works, but in the code I am using socket communication, thus every byte has to be correct, tried also this way as postman displays the form data in raw form like this:
grant_type=client_credentials&scope=cdrs%2Fproducer.all
In postman it shows this part as the body, but putting these into body tags didnt help either.