Greetings,

Thank you for raising this query regarding your Cognito user pool and app clients. I understand that you've encountered two client configurations with no secrets.

Please note that In the context of Amazon Cognito, app client creation leverages predefined options aligned with standard OAuth client types: public and confidential. Refine your understanding of these concepts via this documentation [1].

Further, the amplify add auth command within the Amplify CLI automatically generates two app clients when initializing Cognito authentication for a new Amplify project. This facilitates diverse authentication flows tailored for both client-side (mobile app) and server-side (backend) interactions.

The client-side app client, intended for front-end integration, typically operates without a client secret. Conversely, server-to-server authentication, employed by native app clients, necessitates a client secret. To cater to both scenarios, your Cognito setup requires:

Web app client: App client without a client secret, suitable for browser-based applications. Native app client: App client with a client secret, facilitating secure server-to-server communication.

For detailed guidance on leveraging existing Cognito resources within your Amplify API, please see the following documentation [2].

In conclusion: Kindly ensure your Cognito user pool comprises at least two app clients with distinct configurations: One app client without a client secret: For client-side (web) authentication. One app client with a client secret: For server-side (native app) authentication.

With that said, I hope the above information will prove helpful to you.

Have a wonderful day ahead!

=============== References:

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html [2] https://aws.amazon.com/blogs/mobile/use-existing-cognito-resources-for-your-amplify-api-storage-and-more/