JavaScript/AWS here, although this is more of an AWS API question (since the JavaScript SDK just implements the API).
I'm looking at the AWS Cognito JavaScript SDK and trying to figure out how to programmatically authenticate a user given:
But nothing obvious is jumping out at me. Is this not possible to do through their API/SDK? Do they force you to login from a web form?! Thanks in advance for any-and-all-steering!
I think there are couple of options that we can use here.
Let me provide examples with InitiateAuthCommand and AdminInitiateAuthCommand.
In order to user this, we should enable ALLOW_USER_PASSWORD_AUTH in the app client. This can be used in client-side authentication flow.
return new CognitoIdentityProviderClient({region: "<aws-region>"}).send(
new InitiateAuthCommand({
ClientId: "<the client id of the app>",
AuthFlow: AuthFlowType.USER_PASSWORD_AUTH,
AuthParameters: {
USERNAME: "<[email protected]>",
PASSWORD: "<password>",
},
})
)}
In order to user this, we should enable ALLOW_ADMIN_USER_PASSWORD_AUTH in the app client. Also we have to configure the AWS credentials in the execution environment. So this can be used in Server-side authentication flow
return new CognitoIdentityProviderClient({region: "<aws-region>"}).send(
new AdminInitiateAuthCommand ({
ClientId: "<the client id of the app>",
AuthFlow: AuthFlowType.ADMIN_NO_SRP_AUTH,
UserPoolId:"<the user pool id>",
AuthParameters: {
USERNAME: "<[email protected]>",
PASSWORD: "<password>",
},
})
)}
NOTE: You can change the AuthFlow based on your requirement. Please read User pool authentication flow, InitiateAuthCommandInput.AuthFlow and AdminInitiateAuthCommandInput.AuthFlow for more details.