Getting Amazon Cognito Access Token in Java
We've been writing some code to test our endpoints and the authentication process. We use Cognito for authentication; our endpoints require an access token with implicit grant flow.
Reading Amazon's documentation, we've managed to get an OpenID token using the code below:
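```java
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentity;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.GetOpenIdTokenForDeveloperIdentityRequest;
import com.amazonaws.services.cognitoidentity.model.GetOpenIdTokenForDeveloperIdentityResult;
import java.util.HashMap;
import java.util.Map;

// Identity pool client; the access key and secret key are placeholders.
AmazonCognitoIdentity identityClient = new AmazonCognitoIdentityClient(
        new BasicAWSCredentials("XXXXXXXXXXXXXXXXXXXXX",
                "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
);
identityClient.setRegion(Region.getRegion(Regions.EU_WEST_1));

// Request an OpenID token for a developer-authenticated identity.
GetOpenIdTokenForDeveloperIdentityRequest request =
        new GetOpenIdTokenForDeveloperIdentityRequest();
request.setIdentityPoolId("eu-west-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
Map<String,String> logins = new HashMap<>();
logins.put("acceptance-tests", "acceptance-tests"); // developer provider name -> user identifier
request.setLogins(logins);

GetOpenIdTokenForDeveloperIdentityResult response =
        identityClient.getOpenIdTokenForDeveloperIdentity(request);
String identityId = response.getIdentityId();
String token = response.getToken();
```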
We just have no idea how to exchange an OpenID token for an access token to call our endpoints.
That said, we are not even sure if we really need to get an OpenID token first in order to get the access token.
Before, we were trying to use the code below to get the access token, but the token we got was not accepted by our endpoint. The token we got was different from the token we get when we log in through the Cognito UI.
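```java
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
import com.amazonaws.services.cognitoidp.model.AuthFlowType;
import com.amazonaws.services.cognitoidp.model.InitiateAuthRequest;
import com.amazonaws.services.cognitoidp.model.InitiateAuthResult;
import java.util.HashMap;
import java.util.Map;

final String clientId = "XXXXXXXXXXXXXXXXXXXXXXXXX";
final String region = "eu-west-1";
final String username = "USERNAME";
final String password = "PASSWORD";

// User pool (cognito-idp) client, a different service from the identity pool client above.
AWSCognitoIdentityProvider cognitoClient = AWSCognitoIdentityProviderClientBuilder.standard()
        .withRegion(region)
        .build();

// Auth parameters and flow exactly as used in this attempt.
final Map<String, String> authParams = new HashMap<>();
authParams.put("USERNAME", username);
authParams.put("PASSWORD", password);

final InitiateAuthRequest authRequest = new InitiateAuthRequest();
authRequest.withAuthFlow(AuthFlowType.USER_SRP_AUTH)
        .withClientId(clientId)
        .withAuthParameters(authParams);
InitiateAuthResult result = cognitoClient.initiateAuth(authRequest);
```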
Solution 1:[1]
I found this to be working. You do not need OpenID to get an access token! The returned token contains all the info from the response, such as the token, expiration, token type, etc.
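```java
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.message.types.GrantType;

// Requests an access token from the token endpoint with the client_credentials grant.
private OAuthJSONAccessTokenResponse getAuthToken() {
    try {
        OAuthClient client = new OAuthClient(new URLConnectionClient());
        OAuthClientRequest request = OAuthClientRequest.tokenLocation(AUTH_TOKEN_ENDPOINT)
                .setGrantType(GrantType.CLIENT_CREDENTIALS)
                .setClientId(CLIENT_ID)
                .setClientSecret(CLIENT_SECRET)
                //.setScope(SCOPE)
                .buildBodyMessage();
        // request.getBody() contains the client secret, so it is not printed here.
        this.init = true;
        return client.accessToken(request, OAuth.HttpMethod.POST);
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}
```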
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | BoonBucket |