Obtaining new Access and Refresh Token in case of Device Authorization Grant with AWS Cognito

Question

We are implementing the Device Authorization Grant with AWS Cognito using the information provided in this AWS Blog - [Implement OAuth 2.0 device grant flow by using Amazon Cognito and AWS Lambda](https://aws.amazon.com/blogs/security/implement-oauth-2-0-device-grant-flow-by-using-amazon-cognito-and-aws-lambda/).
Related to this setup, what is the way to get a new access token and refresh token using the current refresh token? What is the endpoint to which the request has to be sent? A sample request and response for this flow would be helpful.

Accepted Answer

You need to send a [POST request](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html) with your refresh token to the Cognito [token endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html).

> ℹ️ In the previous link you will find some examples of requests and responses

Answer

Thank you, @Osvaldo Marte.

**Request:**

```
curl --location 'https://{your-cognito-domain}.auth.{aws-region}.amazoncognito.com/oauth2/token' \
--header 'Authorization: Basic {Base64Encode(client_id:client_secret)}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token={your_refresh_token}'
```

**The response will be:**

```
{
    "id_token": "{id_token}",
    "access_token": "{access_token}",
    "expires_in": 3600,
    "token_type": "Bearer"
}
```

Obtaining new Access and Refresh Token in case of Device Authorization Grant with AWS Cognito

Relevant content