“Access token does not contain openid scope” in AWS Cognito

Question:

I am running a working AWS Cognito service on a frontend application which can successfully do the basic stuff – login, logout, signup, etc.

Right now I am trying to get user attributes through the backend API, such that:

1) The user logs in to the application and gets a JWT.

2) The JWT is being sent to the backend server.

3) The server has to extract the email of the user by using the access token.

The closest thing that I found to what I need is this Cognito service.

So I am making a GET request to “https://mydomain.auth.eu-central-1.amazoncognito.com/oauth2/userInfo” with the Authorization header as they ask for, but I keep getting this response:

    {
        "error": "invalid_token",
        "error_description": "Access token does not contain openid scope"
    }

I have tried searching for this error but couldn’t find any explanation about the error.

Thanks in advance

Answer:

I had this exact problem and it was my fault. I was sending the id_token instead of access_token property of the token.
I program in PHP, so I was sending the header "Authorization: Bearer ".$token->id_token instead of "Authorization: Bearer ".$token->access_token. Now it works.

Hope it helps you or someone.
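As an added example (not code from the question or the answer), a Python pre-flight check the backend in step 3 could run before calling /oauth2/userInfo: it reads the token's unverified claims and reports whether the bearer token is an access token whose scope includes openid, which is what the endpoint demands. The sample tokens are constructed and unsigned; the claim names token_use and scope are the ones Cognito issues.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the (unverified) payload claims of a compact JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_userinfo_token(token: str) -> tuple[bool, str]:
    """Explain why Cognito's userInfo endpoint would reject this bearer token.

    The endpoint wants an *access* token (token_use == "access") whose "scope"
    claim contains "openid". An id_token has token_use == "id" and no scope
    claim, which is the mix-up in the answer above. This only inspects claims;
    the signature still has to be verified against the user pool's JWKS before
    any claim is trusted.
    """
    try:
        claims = decode_claims(token)
    except ValueError as exc:  # covers bad base64, bad JSON, wrong segment count
        return False, f"malformed token: {exc}"
    token_use = claims.get("token_use")
    if token_use != "access":
        return False, f"token_use is {token_use!r}; userInfo needs the access_token, not the id_token"
    scopes = set(claims.get("scope", "").split())
    if "openid" not in scopes:
        return False, f"access token scopes {sorted(scopes)} lack 'openid'"
    return True, f"access token with scopes {sorted(scopes)}"


def _make_token(claims: dict) -> str:
    """Build a constructed, UNSIGNED test token (empty signature segment)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'constructed-kid'})}.{enc(claims)}."


# Constructed sample tokens mirroring the three cases a backend will meet.
ID_TOKEN = _make_token({"token_use": "id", "email": "user@example.com"})
ACCESS_TOKEN_NO_OPENID = _make_token({"token_use": "access", "scope": "aws.cognito.signin.user.admin"})
ACCESS_TOKEN_OK = _make_token({"token_use": "access", "scope": "openid email profile"})

if __name__ == "__main__":
    for name, tok in [("id_token", ID_TOKEN), ("access/no openid", ACCESS_TOKEN_NO_OPENID), ("access/openid", ACCESS_TOKEN_OK)]:
        print(name, "->", check_userinfo_token(tok))
```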
