By using AWS re:Post, you agree to the AWS re:Post Terms of Use

why amplify add auth generate two app clients ?

1

When creating a new Amplify application with Cognito auth using the amplify push command, two app clients are in Cognito. and both clients only had an ID and did not have a secret. why?

I am using Amplify Add Auth Command.

this is my cognito user-pool app client screenshot for reference,

Enter image description here

Enter image description here

Enter image description here

1 Answer
0

Greetings,

Thank you for raising this query regarding your Cognito user pool and app clients. I understand that you've encountered two client configurations with no secrets.

Please note that In the context of Amazon Cognito, app client creation leverages predefined options aligned with standard OAuth client types: public and confidential. Refine your understanding of these concepts via this documentation [1].

Further, the amplify add auth command within the Amplify CLI automatically generates two app clients when initializing Cognito authentication for a new Amplify project. This facilitates diverse authentication flows tailored for both client-side (mobile app) and server-side (backend) interactions.

The client-side app client, intended for front-end integration, typically operates without a client secret. Conversely, server-to-server authentication, employed by native app clients, necessitates a client secret. To cater to both scenarios, your Cognito setup requires:

Web app client: App client without a client secret, suitable for browser-based applications. Native app client: App client with a client secret, facilitating secure server-to-server communication.

For detailed guidance on leveraging existing Cognito resources within your Amplify API, please see the following documentation [2].

In conclusion: Kindly ensure your Cognito user pool comprises at least two app clients with distinct configurations: One app client without a client secret: For client-side (web) authentication. One app client with a client secret: For server-side (native app) authentication.

With that said, I hope the above information will prove helpful to you.

Have a wonderful day ahead!

=============== References:

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html [2] https://aws.amazon.com/blogs/mobile/use-existing-cognito-resources-for-your-amplify-api-storage-and-more/

AWS
answered a year ago
  • Thank you for sharing your response. It's helped me to understand the concepts. but my doubt what you mentioned one app client without a client secret and one app client with a client secret. in my Cognito user pool, both clients have no secrets. also i have configured amplify react application.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions