awslabs / cognito-at-edge

Serverless authentication solution to protect your website or Amplify application
Apache License 2.0
168 stars 54 forks

Cognito client Id with secret #7

Closed yoavya closed 2 years ago

yoavya commented 2 years ago

It seems like this package doesn't support a Cognito user pool client with a secret. According to the Cognito documentation, when the client has a secret it must be passed through the authentication header:

Authorization

If the client was issued a secret, the client must pass its client_id and client_secret in the authorization header through Basic HTTP authorization. The secret is Basic Base64Encode(client_id:client_secret).

Currently I am able to use this package only with Cognito user pool clients that don't have a secret id. It would be nice to be able to use both options :)

jeandek commented 2 years ago

Hi yoavya, I have not tried to use the package with the setup you describe, but according to the documentation you linked it makes sense that the package doesn't work in that situation. This is definitely something that should be supported. I'll add it to our backlog.

yoavya commented 2 years ago

Hi, I opened a PR ☝🏼 to fix this. I already checked on my Cognito app that it works.

jeandek commented 2 years ago

PR was merged and will be included in 1.0.0. Thanks yoavya.
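
The Authorization header rule quoted in the issue, as an added example that is not part of the original thread or the cognito-at-edge code base: it builds the request for Cognito's `/oauth2/token` endpoint for a client with and without a secret, and redacts credentials before the request is logged. The function names, domain, client id, secret and authorization code are hypothetical, constructed values.

```javascript
// Added example, not code from cognito-at-edge. buildTokenRequest and
// redactForLog are hypothetical helper names; all sample values are constructed.

// Build the authorization-code exchange request for the user pool's token endpoint.
// If the app client has a secret, credentials go in a Basic Authorization header
// as Base64Encode(client_id:client_secret); a client without a secret sends none.
function buildTokenRequest({ domain, clientId, clientSecret, code, redirectUri }) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (clientSecret) {
    const basic = Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
    headers.Authorization = `Basic ${basic}`;
  }
  // The secret is never placed in the form body, only in the header.
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    code,
    redirect_uri: redirectUri,
  }).toString();
  return { url: `https://${domain}/oauth2/token`, headers, body };
}

// Return a copy that is safe to write to logs: the Basic value is only
// base64-encoded (not encrypted), and the authorization code is a credential too.
function redactForLog(request) {
  const headers = { ...request.headers };
  if (headers.Authorization) headers.Authorization = 'Basic [REDACTED]';
  const body = request.body.replace(/(^|&)code=[^&]*/, '$1code=[REDACTED]');
  return { url: request.url, headers, body };
}

// Constructed sample input.
const demoRequest = buildTokenRequest({
  domain: 'auth.example.com',
  clientId: 'exampleclientid',
  clientSecret: 'examplesecret',
  code: 'example-auth-code',
  redirectUri: 'https://www.example.com/callback',
});
console.log(JSON.stringify(redactForLog(demoRequest), null, 2));
```
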