Question:
Following the documentation from https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html after successfully retrieving an authentication code.
As far as I can tell, this is exactly how the request is supposed to be set up:
```typescript
import request from 'request'

function fetchToken(code: any, clientId: string, clientSecret: string) {
  try {
    let tokenEndpoint = `https://example.auth.us-east-1.amazoncognito.com/oauth2/token`
    // HTTP Basic credentials: base64("client_id:client_secret")
    const clientIdEncoded = Buffer.from(`${clientId}:${clientSecret}`).toString('base64')

    request.post({
      url: tokenEndpoint,
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': `Basic ${clientIdEncoded}`
      },
      form: {
        code,
        'grant_type': 'authorization_code',
        'client_id': clientId,
        'redirect_uri': 'http://localhost:3000'
      }
    }, function (err, httpResponse, body) {
      // Check for a transport error first; httpResponse is undefined when err is set
      if (err) {
        console.error(err)
        return
      }
      console.log(httpResponse.statusCode) //400
      console.log(httpResponse.statusMessage) //Bad Request
      console.log(body) //{"error":"unauthorized_client"}
    })
  } catch (error) {
    console.error(error)
  }
}
```
Why would I be getting unauthorized_client? Is there an easier way to debug this?
Edit: tested this in Postman with the same request and getting the same error
Answer:
Please check if the Cognito User Pool App is using a secret key. If you have created it with the secret key option, that must be included in the Authorization header of the request.
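
As an added example (not code from the question or the answer), the sketch below builds the token request for an app client with or without a secret, and checks a request against how the app client is configured without ever echoing the secret. The function names, domain, client ID, secret and code are constructed for illustration.

```javascript
// Added example. All identifiers and values here are constructed placeholders.

// Build the POST for /oauth2/token. Pass clientSecret = null for an app
// client that was created without a secret.
function buildTokenRequest({ domain, clientId, clientSecret, code, redirectUri }) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (clientSecret) {
    // App client with a secret: client_id:client_secret goes in HTTP Basic auth.
    const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
    headers.Authorization = `Basic ${basic}`;
  }
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    code,
    redirect_uri: redirectUri,
  }).toString();
  return { url: `https://${domain}/oauth2/token`, method: 'POST', headers, body };
}

// Compare a request with the app client's configuration and list mismatches.
// The messages never contain the secret, so the result is safe to log.
function checkTokenRequest(req, { clientHasSecret }) {
  const problems = [];
  const form = new URLSearchParams(req.body);
  const auth = req.headers.Authorization || '';
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(auth);
  if (clientHasSecret && !m) {
    problems.push('app client has a secret but no Basic Authorization header is sent');
  }
  if (!clientHasSecret && auth) {
    problems.push('app client has no secret but an Authorization header is sent');
  }
  if (m) {
    const decoded = Buffer.from(m[1], 'base64').toString('utf8');
    const sep = decoded.indexOf(':');
    const id = sep === -1 ? decoded : decoded.slice(0, sep);
    if (sep === -1 || sep === decoded.length - 1) problems.push('Basic credentials carry no secret');
    if (id !== form.get('client_id')) problems.push('client_id in header and body differ');
  }
  if (form.get('grant_type') !== 'authorization_code') {
    problems.push('grant_type is not authorization_code');
  }
  return problems;
}
```

Run `checkTokenRequest` on the request object before sending it and log the returned list instead of the raw headers.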