Amazon Documentation Also Lies

I have spent the last couple of days fighting with OAuth 2.

This is based upon Cognito.

The basis of the OAuth authentication is a multi-step dance. First you get the user to log in and are redirected back with a code. You need to send back the code with some shared secrets and it responds with a set of tokens.

These tokens do include the refresh token despite the docs saying that they don’t.

The next step is to fetch some user details. This has not yet been implemented, yet the docs clearly state that it is there.

I have yet to find the renewal endpoint…

Update…

I have found out why Cognito does not implement the oauth/userinfo endpoint.

It’s because the tokens endpoint returns a JWT token that includes the userinfo. I have yet to see if this is the most sane Bearer authentication token.
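
The code-for-tokens exchange and the user details carried in the returned JWT, as an added example (not from the original post or from Amazon's documentation). It assumes Cognito's `/oauth2/token` path with HTTP Basic client authentication and the `token_use` claim; the domain, issuer, client values and sample token are constructed placeholders, and the signature check is left to a JWT library.

```python
import base64, json, time
from urllib.parse import urlencode
from urllib.request import Request

def build_token_request(domain, client_id, client_secret, code, redirect_uri):
    """Build (but do not send) the POST that swaps the login code for tokens."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "redirect_uri": redirect_uri})
    return Request(f"https://{domain}/oauth2/token", data=body.encode(),
                   method="POST",
                   headers={"Authorization": f"Basic {basic}",
                            "Content-Type": "application/x-www-form-urlencoded"})

def _b64url_json(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def read_id_token_claims(id_token, issuer, client_id, now=None):
    """Return the user details in the ID token after checking its standard claims.
    The signature is NOT checked here: verify it against the issuer's published
    keys with a JWT library before trusting anything this returns."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = _b64url_json(parts[1])
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != client_id:
        raise ValueError("token was issued to a different client")
    if claims.get("token_use") != "id":  # assumed Cognito claim: "id" vs "access"
        raise ValueError("not an ID token")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def make_sample_id_token(claims):
    """Constructed sample only: RS256-style header with a dummy signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    ISSUER = "https://issuer.example/pool-id"  # placeholder, constructed
    token = make_sample_id_token({"iss": ISSUER, "aud": "client123", "token_use": "id",
                                  "exp": time.time() + 3600, "email": "user@example.com"})
    req = build_token_request("auth.example.com", "client123", "s3cret",
                              "code-from-redirect", "https://app.example/callback")
    print(req.get_method(), req.full_url)
    print(read_id_token_claims(token, ISSUER, "client123"))
```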
