AWS Boto / Warrant library: SRP authentication and credentials error


I have been stuck on the following issue for quite some time now. Within Python I want users to retrieve a token based upon their username and password from the AWS cognito-identity-pool making use of srp authentication. With this token I want the users to upload data to s3.

This is part of the code I use (from the warrant library):

However, I keep on getting:

I was able to get rid of this error by adding credentials in the .aws/credentials file. But this is not in line with the purpose of this program. It seems like there is a mistake in the warrant or botocore library and the it keeps on attempting to use the AWS Access Key ID and AWS Secret Access Key from the credentials file, rather than that the given credentials (username and password) are used.

Any help is appreciated


I am on to Cognito team. initiate auth is an unauthenticated call so it shouldn’t require you to provide AWS credentials. The service endpoint will not validate the sigv4 signature for these calls.

That being said, some client libraries have certain peculiarities in the sense that you need to provide some dummy credentials otherwise the client library will throw an exception. However you can provide anything for the credentials.

Leave a Reply