How do I use the token response from SAML authentication with User Pools to retrieve AWS Temporary Access keys and Make API Gateway Calls?
I have configured a Cognito User Pool with an associated App client. I have configured Okta as a 3rd Party SAML Identity provider. Using the Amazon hosted login https://[cognito domain name]/login?response_type=token&client_id=[your App client id]&redirect_uri=[your App client redirect URL]
I am able to be redirected to my ReactJS application with the #access_token in the header.
I am trying to now use the #access_token to call API Gateway. I have been following this guide as well as aws-amplify. To my understanding I need to use the #access_token to get AWS access keys to make the call to API Gateway.
I am trying to do this with the following code:
```javascript
// accessToken holds the value taken from the #access_token fragment of the redirect URL
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
  IdentityPoolId: 'us-east-1:xxxxxxx-xxxx-xxxx-xxxx-xxxxxx',
  Logins: {
    'cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxx': accessToken
  }
});
```
but not sure how this integrates with aws-amplify, and I have not successfully retrieved AWS temporary access keys to make API Gateway calls.
I previously had this working using users in the Cognito User Pool but now I need to include Okta as an identity provider.
I found I needed the #id_token rather than the #access_token to accomplish what I was trying to do. I enabled the #id_token by selecting the following options in my Cognito Pool App Client Settings:
I was then able to follow Cognito hosted UI.
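The answer's point, that the Logins map for CognitoIdentityCredentials must be fed the ID token and not the access token, can be made explicit in code. The following is an added example, not code from the question, the answer, aws-amplify or the AWS SDK: it parses the hosted-UI redirect fragment, picks `id_token`, decodes the JWT payload (without signature verification, which the identity pool performs itself) to confirm it really is an ID token for the expected user pool and app client, and builds the parameter object for `new AWS.CognitoIdentityCredentials(...)`. The region, user pool id, identity pool id, client id and the sample token are constructed placeholders.

```javascript
// Added example (not from the question or answer). Requires Node for Buffer;
// in a browser, fragment comes from window.location.hash.

// base64url -> utf8 string (JWT segments have no padding)
function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// Parse "#id_token=...&access_token=...&token_type=Bearer&expires_in=3600"
function parseFragment(fragment) {
  const raw = fragment.startsWith('#') ? fragment.slice(1) : fragment;
  const params = {};
  for (const pair of raw.split('&')) {
    if (!pair) continue;
    const idx = pair.indexOf('=');
    const key = idx < 0 ? pair : pair.slice(0, idx);
    const val = idx < 0 ? '' : pair.slice(idx + 1);
    params[decodeURIComponent(key)] = decodeURIComponent(val);
  }
  return params;
}

// Decode the JWT payload WITHOUT verifying the signature. This only tells us
// which kind of token we were handed; the identity pool verifies the signature
// itself when it exchanges the Logins map for temporary credentials.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('value is not a JWT');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Build { IdentityPoolId, Logins } for AWS.CognitoIdentityCredentials from the
// redirect fragment, refusing anything that is not an ID token for our pool.
function buildIdentityCredentialsParams(fragment, { region, userPoolId, identityPoolId, clientId }) {
  const tokens = parseFragment(fragment);
  const idToken = tokens.id_token;
  if (!idToken) {
    // The asker's situation: the hosted UI only returns id_token when the
    // app client is configured to issue it.
    throw new Error('no id_token in redirect fragment; enable it in the app client settings');
  }
  const claims = decodeJwtPayload(idToken);
  const issuer = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
  if (claims.token_use !== 'id') throw new Error('token_use is not "id": not an ID token');
  if (claims.iss !== issuer) throw new Error('issuer does not match the configured user pool');
  if (clientId && claims.aud !== clientId) throw new Error('aud does not match the app client id');
  if (typeof claims.exp === 'number' && claims.exp * 1000 < Date.now()) throw new Error('id_token has expired');
  // The Logins key is the issuer without the scheme, as in the question's snippet.
  const loginsKey = `cognito-idp.${region}.amazonaws.com/${userPoolId}`;
  return { IdentityPoolId: identityPoolId, Logins: { [loginsKey]: idToken } };
}

// Constructed sample token for offline use: unsigned, so a real identity pool
// would reject it, but enough to exercise the checks above.
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', kid: 'constructed' })}.${enc(claims)}.constructedsig`;
}

// Assumed placeholder configuration
const CONFIG = {
  region: 'us-east-1',
  userPoolId: 'us-east-1_EXAMPLE',
  identityPoolId: 'us-east-1:00000000-0000-0000-0000-000000000000',
  clientId: 'exampleclientid',
};

const SAMPLE_ISSUER = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';

// Constructed redirect fragment carrying both tokens, as the hosted UI would.
function sampleFragment() {
  const idToken = makeSampleJwt({ token_use: 'id', iss: SAMPLE_ISSUER, aud: 'exampleclientid', exp: 4102444800 });
  const accessToken = makeSampleJwt({ token_use: 'access', iss: SAMPLE_ISSUER, client_id: 'exampleclientid', exp: 4102444800 });
  return `#id_token=${idToken}&access_token=${accessToken}&token_type=Bearer&expires_in=3600`;
}

function demo() {
  const params = buildIdentityCredentialsParams(sampleFragment(), CONFIG);
  // With the AWS SDK v2 loaded, the remaining steps would be:
  //   AWS.config.credentials = new AWS.CognitoIdentityCredentials(params);
  //   await AWS.config.credentials.getPromise();   // temporary keys now populated
  return params;
}
```

The `token_use` check is what catches the original mistake: a Cognito access token carries `token_use: "access"` and a `client_id` claim, whereas the ID token carries `token_use: "id"` and `aud`, and only the latter is accepted in the Logins map.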