AWS - Cognito Authentication - Curl Call - Generate Token Without CLI - No Client Secret

Question

I have created a API Gateway and I have applied Cognito Authentication there. Here to have the API Call work I am using AWS CLI to get Token , Here is my CLI Code

Answer 1

You can authenticate a user with the following request. This is the endpoint of the InitiateAuth request.

Hope that this is useful for you

Method: POST
Endpoint: https://cognito-idp.{REGION}.amazonaws.com/
Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth
Body:
{
    "AuthParameters" : {
        "USERNAME" : "YOUR_USERNAME",
        "PASSWORD" : "YOUR_PASSWORD"
    },
    "AuthFlow" : "USER_PASSWORD_AUTH", // Don't have to change this if you are using password auth
    "ClientId" : "APP_CLIENT_ID"
}

And the response as the following

{
    "AuthenticationResult": {
        "AccessToken": "YOUR_ACCESS_TOKEN",
        "ExpiresIn": 3600,
        "IdToken": "YOUR_ID_TOKEN",
        "RefreshToken": "YOUR_REFRESH_TOKEN",
        "TokenType": "Bearer"
    },
    "ChallengeParameters": {}
}

Answer 2

Just sharing direct curl here may helpful to anyone

curl -X POST --data @user-data.json \
-H 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' \
-H 'Content-Type: application/x-amz-json-1.1' \
https://cognito-idp.<just-replace-region>.amazonaws.com/

file json user-data.json

{"AuthParameters" : {"USERNAME" : "sadfsf", "PASSWORD" : "password"}, "AuthFlow" : "USER_PASSWORD_AUTH", "ClientId" : "csdfhripnv7sq027kktf75"}

make sure your app client does not contain app-secret or create new app without secret. also inside app enable USER_PASSWORD_AUTH