AWS - Cognito Authentication - Curl Call - Generate Token Without CLI - No Client Secret
You can authenticate a user with the following request.This is the endpoint of the InitiateAuth request.
Hope that this is useful for you
Method: POSTEndpoint: https://cognito-idp.{REGION}.amazonaws.com/Content-Type: application/x-amz-json-1.1X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuthBody:{ "AuthParameters" : { "USERNAME" : "YOUR_USERNAME", "PASSWORD" : "YOUR_PASSWORD" }, "AuthFlow" : "USER_PASSWORD_AUTH", // Don't have to change this if you are using password auth "ClientId" : "APP_CLIENT_ID"}
And the response as the following
{ "AuthenticationResult": { "AccessToken": "YOUR_ACCESS_TOKEN", "ExpiresIn": 3600, "IdToken": "YOUR_ID_TOKEN", "RefreshToken": "YOUR_REFRESH_TOKEN", "TokenType": "Bearer" }, "ChallengeParameters": {}}
Just sharing direct curl here may helpful to anyone
curl -X POST --data @user-data.json \-H 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' \-H 'Content-Type: application/x-amz-json-1.1' \https://cognito-idp.<just-replace-region>.amazonaws.com/
file json user-data.json
{"AuthParameters" : {"USERNAME" : "sadfsf", "PASSWORD" : "password"}, "AuthFlow" : "USER_PASSWORD_AUTH", "ClientId" : "csdfhripnv7sq027kktf75"}
make sure your app client does not contain app-secret or create new app without secret. also inside app enable USER_PASSWORD_AUTH