Fork me on GitHub
#clojure-uk
<
2021-08-16
>
dharrigan06:08:42

Good Morning!

Ben Hammond08:08:19

does anyone here have experience with AWS Cognito? I am trying to get an authorization code exchanged for a user token but I cannot get beyond an http/400 "error" : "invalid_client" I've been trying to test it by • manualy pointing a browser at the cognito ui login page • getting redirected to a (non-existent) logged in page • manually copy-and-pasting the code from the logged in URI to an Intellij HTTP scratch pad, wher I attempt to POST to the /oauth2/token I note that the login page drops a couple of cookies; and I am starting to wonder if the /oauth2/token endpoint requires those cookies. But that is just a guess

Ben Hammond08:08:34

If my user pool client does not have a Secret, can I completely skip the Authorization=Basic Header? or do I need to put in Base64 encoded client Id?

thomas08:08:56

not sure, we use cognito... is this a web page?

Conor08:08:01

Request Parameters in Body client_id

    Client ID.

    Must be a preregistered client in the user pool. The client must be enabled for Amazon Cognito federation.

    Required if the client is public and does not have a secret.

Ben Hammond09:08:56

yeah so there definitely has to be a clent_id parameter in the body of the POST

Ben Hammond09:08:34

but does that mean I can skip on the Authentication: Basic` ` bit of the Header

Ben Hammond09:08:25

(I seem to get an "error" : "invalid_client" either way, so perhaps it is not related to my actual problem

Ben Hammond09:08:10

or perhaps it is, I understand that security consideration mean not giving too much away about what you are actually doing wrongly

Conor09:08:24

Authorization

    If the client was issued a secret, the client must pass its client_id and client_secret in the authorization header through Basic HTTP authorization. 

Ben Hammond09:08:49

so.. if the client was not issued a secret...

Conor09:08:22

I don't think so

Ben Hammond16:08:14

I found the problem; my redirect-uri was

but the redirect-uri I put in the form parameter did not contain that port number

Ben Hammond16:08:44

thanks for your help

Luis Thiam-Nye09:08:37

Good Morning™

paulspencerwilliams12:08:11

I’m delighted to say that I joined On The Market today. Unfortunately for @djm_uk, I am going to be joining his team. What did you do wrong in your past life David?

😂 9
🥳 12
djm12:08:10

I think the crime was in this life - recommending you to OTM 😁

paulspencerwilliams12:08:28

Haha, so self-inflicted?

Jakob Durstberger12:08:46

Happy Monday 🙂

Aron12:08:55

not yet 😄

😆 6