By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cognito authentication with no keys

0

I'm in a fairly unique situation ( I think ). I'm trying to use Cognito to authenticate users to get an access token so I can make API calls to a third party's cloud database, BUT the only info I have is region, client ID, userpool ID, username and password. The users in this pool are managed by the third party who are using Cognito as their IdP. For various reasons I need to do this using PHP. I have looked through a ton of documentation and everything I see indicates that I need valid access and secret key to make the necessary calls. So, my question is: Is it possible to generate an access token with the info I have?

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementAmazon Cognito
Language
English
Starepod
asked 24 days ago276 views
1 Answer
0

It sounds like they may be using a Public client in Amazon Cognito, see App Client Types, in which case you can initiate the authorization flow with just the client ID.

The details of implementing authorization code flow can be found in the Open ID Connect (OIDC) Authorization Code Flow documentation. Typically you would use an (OIDC) library to handle the authentication flow, I don't have a personal recommendation for PHP.

One thing to note - typically you would use a Confidential Client for a server side application like PHP. Is it possible to ask them to create you a Confidential client instead of a Public client? In that case they would provide you with the same information, but also provide a client secret which you would add to the request in the auth flow.

AWS
Trevor Schiavone
answered 13 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content