By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Get openid and custom scopes from InitiateAuthAsync or Oauth2 .0 password grant type.

0

Hi, my users do not want to use the Cognito Hosted UI for loging in and prefer to authenticate with a custom api gateway endpoint. We thought it was working fine, but when we try to secure a different api gateway endpoint. We do not have the scopes that will validate when using the access_token

I have tried the .net SDK InitiateAuthAsync call and I am also trying raw http calls to the oauth2/token endpoint "https://{our domain}.auth.us-east-1.amazoncognito.com/oauth2/token"

The InitiateAuthAsync only returns scope: "scope": "aws.cognito.signin.user.admin",

the Oauth endpiont does not allow the password grant type according to this web page:

https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

Topics
Security, Identity, & ComplianceServerlessFront-End Web & MobileNetworking & Content DeliveryAWS Well-Architected Framework.NET on AWS
Tags
AWS Identity and Access ManagementAmazon API GatewayAmazon CognitoSecurity.NET on AWS
Language
English
Michael A
asked a year ago149 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content