How do I get a client ID and client secret for a user in Cognito?

0

I'm developing an API for a client, which their customers would call. I created a user pool and an API and set Cognito as authorizer. I understand the endpoint the user can call to get the JWT, but there is nowhere in Cognito where I can retrieve a client ID and client secret for a given user.

What am I missing here?

3 Answers
0

Hello.

When using Amazon Cognito, the Client ID and Client Secret are associated with an App Client, not an individual user.

How you can get secrets:

Navigate to Cognito.

User Pools:

  • Choose the user pool you created.

App Clients:

  • Click on "App clients" on the left side menu.
  • Click on “Add an app client”.
  • Fill in the “App client name”.
  • Unselect "Generate client secret" if you are building a client-side application like a single-page app, because the client secret should not be stored in unsecure client-side code. For server-side applications, keep it selected.
  • Adjust other settings as per your use case and click “Create app client”.

Retrieve Client ID and Client Secret:

  • Go back to the “App clients” section.
  • You will see your new app client listed there. The “App client id” is visible directly on this page.
  • If you generated a client secret, click on “Show Details” to view the “App client secret”.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html

Regards, Andrii

EXPERT
answered 7 months ago
  • I see - then I might be completely off track. What I need is to be able to create 100+ users that can authenticate and get access to my APIs. Since the backend data is e.g. order details for all those users, I need to be able to add a customerID field to each user so that I can respond with the user's own orders. One app ID per user doesn't seem like the right approach here :)

0

in AWS Cognito for your use case. AWS Cognito is designed to manage users and their attributes in a scalable way. Here’s how you might structure this:

  1. User Creation and Management

Bulk User Creation:

Cognito doesn’t directly support bulk user creation. However, you can automate user creation using the AWS SDK (Boto3 for Python, etc.) by looping through your user data and making a call to create each user. API: admin_create_user(UserPoolId='your-user-pool-id', Username='username', UserAttributes=[...])

User Attributes:

Add the customerID or any other custom attribute you need by modifying the user pool attributes. Navigate to "User Pools" → Your user pool → "Attributes" section → "Add custom attribute". When creating users (either through the AWS Management Console, AWS SDK, or AWS CLI), make sure to assign the relevant customerID.

  2. Authenticating Users

Users authenticate through the Cognito User Pool. When users sign in, Cognito returns JWT tokens. Users pass these tokens in the Authorization header when making API requests.

Regards, Andrii

EXPERT
answered 7 months ago
  • Thanks! Pt1 is fine, we can create them manually and assign IDs. Regarding pt2, since these users will only access the API, I was looking for something other than basic auth with username and password (i.e. client ID and client secret). That's not supported then?
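The flow described in the answer above, as an added example that is not part of the original thread: users are created in the user pool with a customerID attribute, and the backend filters orders by the customerID claim of the verified token. It assumes a custom attribute named customerID already exists on the pool; the pool ID, the record fields and the order structure are hypothetical.

```python
CUSTOMER_ATTR = "custom:customerID"  # custom attributes carry the "custom:" prefix


def provision_users(idp, user_pool_id, customers):
    """Create one user per record; return (created, skipped) usernames.

    idp is a boto3 "cognito-idp" client. Users belong to the user pool, so
    the call takes UserPoolId; no app client ID or secret is involved.
    """
    created, skipped = [], []
    for c in customers:
        try:
            idp.admin_create_user(
                UserPoolId=user_pool_id,
                Username=c["username"],
                UserAttributes=[
                    {"Name": "email", "Value": c["email"]},
                    {"Name": CUSTOMER_ATTR, "Value": c["customer_id"]},
                ],
            )
            created.append(c["username"])
        except idp.exceptions.UsernameExistsException:
            skipped.append(c["username"])  # re-running the import is safe
    return created, skipped


def orders_for_caller(claims, orders):
    """Return only the orders owned by the authenticated caller.

    claims are the verified token claims the Cognito authorizer hands to the
    backend. The customer ID comes from them, never from request input.
    """
    customer_id = claims.get(CUSTOMER_ATTR)
    if not customer_id:
        raise PermissionError("token carries no customerID claim")
    return [o for o in orders if o["customer_id"] == customer_id]


if __name__ == "__main__":
    import boto3  # needs AWS credentials; pool ID and record are constructed

    customers = [{"username": "acme", "email": "ops@acme.example", "customer_id": "C-1001"}]
    print(provision_users(boto3.client("cognito-idp"), "YOUR_USER_POOL_ID", customers))
```

Custom attributes appear in the ID token by default, and keeping custom:customerID out of the app client's writable attributes prevents users from changing it themselves.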

0

If you're looking for an alternative to basic user authentication with username and password (like using API keys or client credentials for each user), AWS Cognito might not be the optimal solution since it primarily revolves around end-user authentication (with a username and password, or with tokens obtained via identity federation).

EXPERT
answered 7 months ago
