amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0

Client secret #33

Closed cristianedb closed 6 years ago

cristianedb commented 6 years ago

Although the documentation is clear, "The Amazon Cognito JavaScript SDK does not use the app client secret", I don't understand why not add the "Authorization" header in the function getCodeQueryParameter(httpRequestResponse) (amazon-cognito-auth.js) when the user configures the SDK with a "client secret". Does this not solve the problem?

jonasao commented 6 years ago

I can't comment on the suggestion above, but I would like to see support for applications with a "client secret".

yuntuowang commented 6 years ago

@cristianedb is correct. If the client was issued a secret, the client must pass its client_id and client_secret in the authorization header through Basic HTTP authorization. The secret is Basic Base64Encode(client_id:client_secret).
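
The header format described in the last comment, as an added example that is not part of the thread or the SDK: it builds the authorization-code request for the Cognito `/oauth2/token` endpoint and attaches the Basic credential only when a secret was issued. The function names, domain, code and credentials are constructed placeholders, and Node.js on a server that can keep the secret private is assumed.

```javascript
// Added example, not SDK code. All names and sample values are hypothetical.

// Basic credential as described in the thread: Base64Encode(client_id:client_secret)
function basicAuthHeader(clientId, clientSecret) {
  if (clientId.includes(':')) {
    // The server splits the decoded value on the first colon, so a colon
    // inside the id would shift part of the id into the secret.
    throw new Error('client_id must not contain ":"');
  }
  const raw = `${clientId}:${clientSecret}`;
  return 'Basic ' + Buffer.from(raw, 'utf8').toString('base64');
}

// Build (but do not send) the token request for the authorization-code grant.
function buildTokenRequest({ domain, clientId, clientSecret, code, redirectUri }) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    code,
    redirect_uri: redirectUri,
  });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  // Only an app client that was issued a secret sends the Authorization header;
  // an app client without a secret sends client_id in the body alone.
  if (clientSecret) {
    headers.Authorization = basicAuthHeader(clientId, clientSecret);
  }
  return {
    url: `https://${domain}/oauth2/token`,
    method: 'POST',
    headers,
    body: body.toString(),
  };
}

// Constructed sample input (placeholder domain, code and credentials).
const sampleRequest = buildTokenRequest({
  domain: 'example.auth.us-east-1.amazoncognito.com',
  clientId: 'abc',
  clientSecret: '123',
  code: 'SAMPLECODE',
  redirectUri: 'https://app.example.com/callback',
});
console.log(sampleRequest.method, sampleRequest.url);
console.log(Object.keys(sampleRequest.headers).join(', '));
```
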