- 最新
- 最多得票
- 最多評論
Hi,
I understand that you would like to have Cognito work with PKCE and wanted to see if there was any examples of how to achieve this.
In order to have PKCE work with the authorization code grant flow you would need to pass the code-challenge-method as well as the code-challenge parameter in the GET request for the authorization endpoint and the code-verifier parameter in the POST request to the token endpoint. I am attaching the following documentation that goes over the authorization endpoint (1) as well as the token endpoint (2). These both have examples of using PKCE. The code-verifier would be a high-entropy cryptographic random STRING using the unreserved characters [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~". The code_challenge would be a SHA256 hash of the code_verifier that is then base64 URL encoded. The code_challenge_method would always be S256 as this is the only method Cognito supports.
I hope you have a great rest of your day!
References
(1) https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
(2) https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
Hi Patrick_V,
Thanks for the reply, just what I was looking for, I will try the code from you links through a Java application, I think I will do it trying with Java SDK. Any extra information would be appreciated, thanks again !
Have a nice day. David C. Software Engineer
相關內容
AWS 官方已更新 1 年前- AWS 官方已更新 3 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前