How do I obtain an ID token from Cognito without hosted UI

0

I'm developing an API that will be used by several companies in their IT landscape. I'm looking to use Cognito as user pool for authenticating API Gateway requests. I've created pools and API and have obtained an ID token in Postman for proof-of-concept, but I can't seem to figure out how to get an ID token without using the hosted UI. As my customers' developers will integrate with my API in their integration platforms, obtaining a token is something that must be possible without logging in to a webpage.

2 Answers
2

Hello.

You can obtain an ID token from Amazon Cognito without using the hosted UI by performing the OAuth 2.0 token endpoint request. You can use the "password" grant type if you want to exchange a user's username and password for tokens directly.

Below are the steps to obtain an ID token using the AWS CLI and an HTTP request.

Using AWS CLI

You can use the initiate-auth command in AWS CLI to initiate the authentication process.

  • Install AWS CLI: Make sure you have the AWS Command Line Interface installed.
  • Configure AWS CLI: Run aws configure to set your credentials and default region.

Run the initiate-auth Command:

aws cognito-idp initiate-auth \
  --auth-flow USER_PASSWORD_AUTH \
  --auth-parameters USERNAME=your_username,PASSWORD=your_password \
  --client-id your_app_client_id \
  --region your_aws_region

Using HTTP Request

Install a Tool for Sending HTTP Requests: Install a tool like curl or use a platform like Postman.

curl -X POST \
  --url https://your_domain.auth.your_region.amazoncognito.com/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'client_id=your_app_client_id' \
  --data-urlencode 'username=your_username' \
  --data-urlencode 'password=your_password' \
  --data-urlencode 'scope=email openid'

Regards, Andrii

Expert
answered 7 months ago
Expert
reviewed 9 days ago
  • Hi Andrii! With your example, I only get "unsupported grant type". I can't seem to find anything around a password grant type.

0

If you want to use OAuth, you have to use hosted UI. Cognito supports grant types of: Authorization code grant, Implicit grant, Client credentials. It does not support Resource owner password credentials. However, from your description, you don't need/want to use OAuth. Refer to "User pool authentication flow" https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html to select an authentication flow that is suitable for your use case (the application that your customer develops).

AWS
answered 7 months ago
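For integration platforms that can only send plain HTTP, the same InitiateAuth call that `aws cognito-idp initiate-auth` makes can be built by hand. The sketch below is an added example, not code from either answer. It assumes the app client has the USER_PASSWORD_AUTH flow enabled; the function names, sample values and responses are constructed, and the endpoint and header values come from the public Cognito API rather than from this page.

```python
import base64, hashlib, hmac, json

def secret_hash(username, client_id, client_secret):
    """SECRET_HASH = Base64(HMAC-SHA256(key=client secret, msg=username + client id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def build_initiate_auth(region, client_id, username, password, client_secret=None):
    """Return (url, headers, body) for an InitiateAuth call; it needs no SigV4 signing."""
    params = {"USERNAME": username, "PASSWORD": password}
    if client_secret:  # only app clients created with a secret need SECRET_HASH
        params["SECRET_HASH"] = secret_hash(username, client_id, client_secret)
    body = {"AuthFlow": "USER_PASSWORD_AUTH", "ClientId": client_id, "AuthParameters": params}
    headers = {"Content-Type": "application/x-amz-json-1.1",
               "X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"}
    return f"https://cognito-idp.{region}.amazonaws.com/", headers, json.dumps(body)

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def extract_id_token(response_json):
    """Return the ID token, or raise if Cognito answered with a challenge instead."""
    resp = json.loads(response_json)
    if "ChallengeName" in resp:  # e.g. NEW_PASSWORD_REQUIRED: no tokens issued yet
        raise RuntimeError(f"challenge pending: {resp['ChallengeName']}")
    token = resp["AuthenticationResult"]["IdToken"]
    if jwt_claims(token).get("token_use") != "id":  # access tokens carry "access"
        raise ValueError("not an ID token")
    return token

def make_sample_jwt(claims):
    """Constructed, unsigned token so the demo runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed responses in the shape InitiateAuth returns
SAMPLE_OK = json.dumps({"AuthenticationResult": {
    "IdToken": make_sample_jwt({"token_use": "id", "cognito:username": "alice"}),
    "TokenType": "Bearer", "ExpiresIn": 3600}})
SAMPLE_CHALLENGE = json.dumps({"ChallengeName": "NEW_PASSWORD_REQUIRED", "Session": "constructed"})

if __name__ == "__main__":
    url, headers, body = build_initiate_auth("eu-west-1", "example-client-id", "alice", "example-pw")
    print(url, headers["X-Amz-Target"])
    print(jwt_claims(extract_id_token(SAMPLE_OK)))
```

The claims decoded here are unverified; a service that consumes the token still has to check its signature against the user pool's signing keys before trusting it.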
