✅ - amplify v6 Resource Config usage with userpool client with a secret | AWS Amplify | Page 1

glacial escarp Feb 21, 2024, 3:14 PM

#

Hello all, I have been stumbling through the documentation and GitHub issues to see how to configure amplify with a userpool that uses a secret. I need to add the client_secret parameter to the post of the token endpoint or add it to the body.

Is this possible? I'm using Typescript and the property isn't available in the ResourceConfig type or anywhere in the Cognito Auth.

Thanks in advance!

random merlin Feb 21, 2024, 5:17 PM

#

👋 are you looking to configure a new Cognito resource with some OAuth credentials? or use aws-amplify a la carte with your own token provider?

glacial escarp Feb 21, 2024, 6:49 PM

#

I'm using OAuth with an already up and running userpool and userpool client

#

Based on this documentation, I need to provide the client_secret along with the post that amplify helps configure.

https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

Token endpoint - Amazon Cognito

Learn how to generate requests to the /oauth2/token endpoint for Amazon Cognito OAuth 2.0 access tokens, OpenID Connect (OIDC) ID tokens, and refresh tokens. The token endpoint returns tokens for app clients that support client credentials grants and authorization code grants.

#

Right now, I get an
OAuthExceptionError: invalid_client

random merlin Feb 21, 2024, 7:20 PM

#

what provider are you using? In gen2's defineAuth you can specify externalProviders with OAuth credentials

#

https://docs.amplify.aws/gen2/build-a-backend/auth/add-social-provider/

Add social provider sign-in - AWS Amplify Gen 2 Documentation

Learn how to add social provider sign-in. AWS Amplify Documentation

glacial escarp Feb 21, 2024, 7:26 PM

#

Sorry, I'm a little confused. I'm just using a Cognito LoginWith oAuth. So my provider is Cognito

#

This isn't external

random merlin Feb 21, 2024, 7:30 PM

#

oh! I misunderstood, then. if you're using aws-amplify you shouldn't need to do any additional configuration outside the original Amplify.configure() 🙂

glacial escarp Feb 21, 2024, 7:33 PM

#

That's what I thought

#

But the client has a secret and amplify isn't passing in the client secret nor does it have a configuration property for me to add it in the ConfigResources type

#

Is this a bug?

random merlin Feb 21, 2024, 9:21 PM

#

glacial escarp But the client has a secret and amplify isn't passing in the client secret nor d...

is this a Cognito User Pool Client?

glacial escarp Feb 21, 2024, 9:28 PM

#

Yes

#

With a secret

random merlin Feb 22, 2024, 12:25 AM

#

ah okay, hmm this may be a limitation https://github.com/aws-amplify/amplify-js/blob/main/packages/core/src/singleton/Auth/types.ts#L154

GitHub

amplify-js/packages/core/src/singleton/Auth/types.ts at main · aws-...

A declarative JavaScript library for application development using cloud services. - aws-amplify/amplify-js

#

after chatting with the team this is intentional as you do not want to expose the client secret. in a server context it is a bit different

#

https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash

Signing up and confirming user accounts - Amazon Cognito

Sign up and confirm user accounts in Amazon Cognito.

glacial escarp Feb 22, 2024, 2:07 PM

#

Okay, so what's the best practice moving forward?

#

More specifically, where do I configure amplify to send data in the post body?

#

It seems like allowing me to handle the hash is fine, but I need a mechanism to update the post body, right?

random merlin Apr 16, 2024, 11:39 PM

#

👋 sorry for the delay, are you still experiencing this? are you looking to use this token received from cognito to call some API endpoint?

hollow moatBOT May 3, 2024, 4:26 PM

#

✅ - amplify v6 Resource Config usage with userpool client with a secret

#✅ - amplify v6 Resource Config usage with userpool client with a secret