**Cognito Userpool question **
regarding Authentication Flows (e.g ALLOW_USER_PASSWORD_AUTH , ALLOW_USER_SRP_AUTH )
(Please note - I’m NOT talking about OAuth Flows. I am talking about Authentication Flows like ALLOW_USER_PASSWORD_AUTH).
What’s the importance of this?
If I select SOME value or NO for Authentication flow from cognito UI nothing changes for me in terms of output.
I still get the valid Auth Token back from Cognito.
Then what is the importance of Authentication Flow?
For example, I am using following endpoint to get the token:
curl POST https://<cognito_domain>/oauth2/token
-
No Authentication Flow chosen
curl POST https://<cognito_domain>/oauth2/token
===> I get valid token back. No as a end-user any experience change.
-
ALLOW_USER_PASSWORD_AUTH Authentication Flow chosen
curl POST https://<cognito_domain>/oauth2/token
===> I get valid token back. No as a end-user any experience change
-
ALLOW_USER_SRP_AUTH Authentication Flow chosen
curl POST https://<cognito_domain>/oauth2/token
===> I get valid token back. No as a end-user any experience change
Then question is, what’s happening when I choose Authentication Flow?
AWS OFFICIALUpdated a year ago
Thanks but it doesn't help to understand my question.
My question is: I am using following endpoint to get the token: curl POST https://<cognito_domain>/oauth2/token
No Authentication Flow chosen curl POST https://<cognito_domain>/oauth2/token ===> I get valid token back. No as a end-user any experience change.
ALLOW_USER_PASSWORD_AUTH Authentication Flow chosen curl POST https://<cognito_domain>/oauth2/token ===> I get valid token back. No as a end-user any experience change
ALLOW_USER_SRP_AUTH Authentication Flow chosen curl POST https://<cognito_domain>/oauth2/token ===> I get valid token back. No as a end-user any experience change
Then question is, what’s happening when I choose Authentication Flow? What's the important of Authentication flow?