Question:
I am running a working AWS Cognito service on a frontend application which can successfully do the basic stuff – login, logout, signup, etc.
Right now I am trying to get user attributes through the backend API, such that:
1) The user logs in to the application and gets a JWT.
2) The JWT is sent to the backend server.
3) The server has to extract the email of the user by using the access token.
The closest thing that I found to what I need is this Cognito service.
So I am making a GET request to "https://mydomain.auth.eu-central-1.amazoncognito.com/oauth2/userInfo"
with the Authorization header as they are asking for, but I keep getting this response:
{
  "error": "invalid_token",
  "error_description": "Access token does not contain openid scope"
}
I have tried searching for this error but couldn’t find any explanation about the error.
Thanks in advance.
Answer:
I had this exact problem and it was my fault. I was sending the id_token instead of the access_token property of the token.
I program in PHP, so I was sending as header "Authorization: Bearer ".$token->id_token instead of "Authorization: Bearer ".$token->access_token. Now it works.
Hope it helps you or someone.
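
A diagnostic for the mix-up described in the answer above, as an added example that is not part of the original post: it decodes a JWT's payload and reports whether it is an access token carrying the openid scope, which is what the userInfo error is complaining about. The function names and sample tokens are constructed for illustration, and it relies on Cognito's `token_use` and `scope` claims; it does not verify the signature, which the backend still has to do before trusting any claim.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def userinfo_precheck(token: str) -> tuple[bool, str]:
    """Say whether this token is the kind /oauth2/userInfo accepts."""
    claims = jwt_claims(token)
    token_use = claims.get("token_use")
    if token_use != "access":
        return False, f"token_use is {token_use!r}; send the access token"
    scopes = str(claims.get("scope", "")).split()
    if "openid" not in scopes:
        return False, f"access token scopes {scopes} lack 'openid'"
    return True, "access token with openid scope"


def _make_sample(claims: dict) -> str:
    # Constructed, unsigned sample token for the demo; not a real Cognito token.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.sig"


SAMPLE_ID = _make_sample({"token_use": "id", "email": "user@example.com"})
SAMPLE_ACCESS = _make_sample({"token_use": "access", "scope": "openid email"})
SAMPLE_NO_OPENID = _make_sample({"token_use": "access", "scope": "aws.cognito.signin.user.admin"})

if __name__ == "__main__":
    for name, tok in [("id", SAMPLE_ID), ("access", SAMPLE_ACCESS), ("no-openid", SAMPLE_NO_OPENID)]:
        print(name, userinfo_precheck(tok))
```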