AWS Cognito how to query for the JWT Token after receiving an authorization code

Time:03-22

My application requires an authorization code grant flow integration with Cognito, and the website responded to me with that auth code accordingly.

https://<poolName>.auth.eu-central-1.amazoncognito.com/login?client_id=<clientID>&response_type=code&scope=email openid profile&redirect_uri=<redirectURI>

Now I want to know what email address has logged in. As far as I understood, this is where I would need the JWT token.

How can I query the email address of the token I have just received?

Any help is much appreciated!

CodePudding user response:

First, make sure your Cognito client includes the email OAuth scope. User Pools > my-user-pool > App client settings > Allowed OAuth Scopes.

Then, decode the id token and you will have the email. You can use JWT.io to quickly decode tokens for testing and development.

UPDATE: You can use the POST /oauth2/token endpoint to fetch the tokens. But in general, if you're creating a frontend for users, it's better to use someone else's UI. The Cognito hosted UI works, although it looks a bit dated and it doesn't support MFA/TOTP. The modern approach is to use the Amplify UI Authenticator component, which supports TOTP and all the flows you'd expect (sign-up, password reset, etc).
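The code-for-token exchange and the ID token decoding described in the answer above, as an added example that is not part of the original post. The pool domain, client ID, issuer and sample token are constructed placeholders; the claim checks use Cognito's documented ID token claims (`iss`, `aud`, `token_use`, `exp`), and signature verification against the pool's JWKS is left to a JWT library.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def build_token_request(domain, client_id, code, redirect_uri, client_secret=None):
    """Build (without sending) the POST /oauth2/token request for the code exchange."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,  # same value that was sent to /login
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret:  # app clients that have a secret authenticate with HTTP Basic
        pair = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode()
    url = f"https://{domain}/oauth2/token"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def email_from_id_token(id_token, issuer, client_id, now=None):
    """Return the email claim after checking iss, aud, token_use and exp.
    The signature is NOT verified here; do that with a JWT library and the pool's JWKS."""
    _header, payload, _signature = id_token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    now = time.time() if now is None else now
    expected = {"iss": issuer, "aud": client_id, "token_use": "id"}
    for name, value in expected.items():
        if claims.get(name) != value:
            raise ValueError(f"unexpected {name}: {claims.get(name)!r}")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims["email"]  # present only when the email scope was granted


def constructed_id_token(claims):
    """Constructed sample token with a dummy signature, for offline demonstration only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "constructed"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    iss = "https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_EXAMPLE"  # placeholder
    tok = constructed_id_token({"iss": iss, "aud": "example-client", "token_use": "id",
                                "exp": time.time() + 3600, "email": "user@example.com"})
    print(email_from_id_token(tok, iss, "example-client"))
```

Pass the request to `urllib.request.urlopen` to perform the exchange; the JSON response carries `id_token`, `access_token` and `refresh_token`. Decoding locally like this also keeps real tokens out of third-party web tools.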
