How-to Setup OAuth2.0 Client Credentials Flow with Amazon Cognito

Sam Robley
12 min read · Nov 26, 2023

[Image: Minting a JWT for Security (Stability AI)]

Securing your application with JWTs is a critical security requirement these days, and luckily AWS Cognito User Pools make it straightforward. I’ll take you through a demo, from creating your first user pool through to making requests from Postman to get a JWT with a defined scope that you can then use to protect your API Gateway.

All the default settings in Cognito, and most guides, steer you towards user authentication, the Cognito hosted UI and hooking up a provider like Facebook or Google. Here, however, I am talking exclusively about app-to-app communication: think non-interactive. We won’t touch users, we won’t create a callback URL, and we won’t even need MFA, as there is no interactive sign-on. We will only use an App Client in this example, specifically with the OAuth2.0 client credentials flow, where the app client authenticates with its client id and secret.

Step by step we’ll get the following set up:

  • Cognito User Pool
  • Cognito Domain
  • Cognito Resource Server
  • Resource Server Custom Scope
  • Cognito App Client

Once we’ve got all that set up, we’ll mint a fresh token and decode it so we can see what the payload looks like.
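As an added illustration of the flow described above (example code written for this edit, not part of the original post), the following Python assembles the client credentials request Postman will send to the user pool's `/oauth2/token` endpoint and decodes the resulting access token's payload. The domain, client id, secret, scope and issuer values are constructed placeholders; `make_sample_token` only builds an unsigned token so the decode can be exercised offline, and `decode_payload` deliberately does not verify the signature, which the API must still do against the pool's JWKS.

```python
import base64
import json
from urllib.parse import urlencode

def build_token_request(domain, client_id, client_secret, scope):
    """client_credentials request for a Cognito user pool domain: HTTP Basic
    auth from the app client id/secret plus a form body naming the grant type
    and the resource-server scope (e.g. "orders-api/read")."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return f"https://{domain}/oauth2/token", headers, body

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(segment):
    # JWT segments drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_token(claims):
    """Constructed, UNSIGNED token (alg=none, empty signature) for offline use."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def decode_payload(token):
    """Decode the payload only: fine for inspecting what Cognito minted, never
    a substitute for JWKS signature verification at the API."""
    return json.loads(_b64url_decode(token.split(".")[1]))

def check_access_token(token, issuer, client_id, required_scope, now):
    """Claim checks a resource server applies after the signature is verified."""
    claims = decode_payload(token)
    problems = []
    if claims.get("token_use") != "access":
        problems.append("not an access token")
    if claims.get("iss") != issuer:
        problems.append("unexpected issuer")
    if claims.get("client_id") != client_id:
        problems.append("unexpected client_id")
    if required_scope not in claims.get("scope", "").split():
        problems.append("missing scope " + required_scope)
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems
```

A real Cognito access token for this flow carries `token_use: "access"`, the `client_id` of the app client and the custom scope in its `scope` claim; `check_access_token` shows the claims an API should pin down once the signature checks out.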
