Can we use this library with a Cognito client with no "Client Secret"?

cgauge / Flask-AWSCognito

Extension for Flask that adds support for AWSCognito into your application

https://flask-awscognito.readthedocs.io

MIT License

28 stars 28 forks source link

Can we use this library with a Cognito client with no "Client Secret"? #5

Closed devireds closed 4 years ago

devireds commented 4 years ago

Hello,

According to my understanding, this library needs the "Client Secret". Can we use this library without Client Secret?

Thank you, SaiJeevan

babaMar commented 4 years ago

If you only need to verify the token signature (the token sent to authenticate the request) it should work without the user_pool_client_secret, although it might be requested by the app config, so maybe try with a dummy entry for that in your environment.

In any case, I really suggest going through the AWS Cognito documentation before using any library.