debugging 'invalid_request' on TOKEN endpoint

0

I have set up a new User Pool with an App Client:

  • no App client secret
  • Auth Flows Configuration ALLOW_USER_PASSWORD_AUTH and ALLOW_REFRESH_TOKEN_AUTH

Under App Integration I have:

  • enabled Cognito User Pool
  • provided Callback URL(s)
  • enabled Authorization code grant
  • Allowed OAuth Scopes: email, openid

In my app I call the LOGIN endpoint:
https://myapp.auth.ap-southeast-2.amazoncognito.com/login?client_id=${AUTH_CLIENT_ID}&state=${state}&response_type=code&redirect_uri=${AUTH_CALLBACK_URI}

When I get back the code from the redirect I call the TOKEN endpoint:

const axios = require('axios')

const config = {
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
    }
}

// note: a plain object is serialised by axios as a JSON body, regardless of the Content-Type header above
const data = {
    "grant_type": "authorization_code",
    "client_id": AUTH_CLIENT_ID,
    "code": code,
    "redirect_uri": AUTH_CALLBACK_URI
}

const response = await axios.post('https://hilltop-dev.auth.ap-southeast-2.amazoncognito.com/oauth2/token', data, config)

From the above request, I get a 400 invalid_request response with no details.

There are no logs I can find for Cognito with any more details.
There are no CloudTrail events with any more details.

As far as I can tell after checking several times the request is valid.

I've tried setting up the same app but with a client_secret and an Authorization: Basic base64 header, but I get the same invalid_request response.

What's wrong with this request? How do I debug this request without any info?

asked 2 years ago, 3848 views
1 Answer
0

Figured out the POST body isn't JSON but a query string format:

const crypto = require('crypto')
const axios = require('axios')

// redirect the user to this URI
function getAuthUri() {
    const state = crypto.randomBytes(20).toString('hex')
    // redirect_uri is a URL inside a URL, so it must be percent-encoded
    const uri = `${AUTH_DOMAIN}/login?client_id=${AUTH_CLIENT_ID}&state=${state}&response_type=code&redirect_uri=${encodeURIComponent(AUTH_CALLBACK_URI)}`
    return uri
}

// after extracting the code from the authentication redirect (to AUTH_CALLBACK_URI), use this to get the access token
async function getAccessToken(code) {
    const config = {
        headers: {
            // client credentials go in a Basic header: base64("client_id:client_secret")
            'Authorization': 'Basic ' + Buffer.from(AUTH_CLIENT_ID + ':' + AUTH_CLIENT_SECRET).toString('base64'),
            // the token endpoint requires a form-encoded body, not JSON
            'Content-Type': 'application/x-www-form-urlencoded'
        }
    }

    // URLSearchParams builds the form-encoded string and percent-encodes code and redirect_uri
    const body = new URLSearchParams({
        grant_type: 'authorization_code',
        client_id: AUTH_CLIENT_ID,
        code: code,
        redirect_uri: AUTH_CALLBACK_URI
    }).toString()

    try {
        const response = await axios.post(`${AUTH_DOMAIN}/oauth2/token`, body, config)
        return response.data.access_token
    }
    catch (err) {
        // Cognito reports the failure as { error: '...' } in the response body
        console.log(err.response?.data?.error ?? err.message)
        throw err
    }
}

// use the access token
async function getUser(accessToken) {
    const config = {
        headers: {
            Authorization: `Bearer ${accessToken}`
        }
    }

    const response = await axios.get(`${AUTH_DOMAIN}/oauth2/userInfo`, config)
    const user = response.data
    return user
}
answered 2 years ago
  • I have encountered the same invalid_request error and applied your answer, but I am still getting the same error.
