How do I use amazon-cognito-identity-js to get scopes in the access_token? #1884
Comments
|
@andrej-vasilj can you try |
|
I've been using https://jwt.io/ for quick debugging since it has a nice visual interface to decode tokens. The 'scope' section of the access token is always set to 'aws.cognito.signin.user.admin'. Today I was also trying to use boto3 for Python instead of javascript and I'm running into the same situation. It doesn't even matter if I deselect the 'aws.cognito.signin.user.admin' scope directly in the Cognito web admin console, it still gets listed in the access token. I'm really stuck and I don't know what to try... |
|
@andrej-vasilj I think the scope setting in the Cognito web admin console is only effective for OAuth(Cognito Hosted UI). @yuntuowang what do you think? |
|
I'm having a similar issue, I moved from Cognito hosted to the Amplify libraries, and looking at the jwt token, I don't see the scopes in it (other then aws.cognito.signin.user.admin). Maybe I have something setup wrong... |
|
@ErikCH as I know for now the scope would only be |
|
Closing the issue due to no further response. Feel free to reopen if you still have this issue. |
|
Is there any improvements on this? Also, what are the implications of having "aws.cognito.signin.user.admin" in it? I do not want my end users to end up with access to cognito APIs. Is this the case? I am bit frustrated about this documentation mess that Amplify brought. Old documentation no longer applies, new documentation does not cover edge cases. New sdks do not support most of the features. Any help would be much appreciated. 🙂 |
|
Since we cannot have scopes associated with access tokens given in non-OAuth 2.0 ways, I wonder if there is any alternative, maybe less delicate way, as a compromise, to do 'scope' management with it? |
|
Any update on this? A roadmap or anything giving information on getting custom scopes from the access_token? |
|
@jonvanputten since this is an issue/request about the Cognito service, we can't give any roadmap or statement here. It would be more efficient if you can go to the AWS forum and submit this issue to the service team directly. Thanks for your understanding! |
|
I do not think this is a Cognito issue, since I was able to get the scopes with token endpoint with Postman, just Amplify is not returning the necessary scopes. Please refer to #3732. Yet the .Net Cognito API was having the same problem as well and it also use SPR to sign in. |
|
Was anyone able to solve this? Is the answer to use https://github.com/aws-amplify/amplify-js/tree/master/packages/amazon-cognito-identity-js & re-implement |
|
IMO - this is an issue because you must have a cognito pool app client with a client secret in order to use scopes. And unfortunately, the amplify javascript sdk doesn't support client secrets (because that would leak the secret out). |
|
This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs. Looking for a help forum? We recommend joining the Amplify Community Discord server |
** Which Category is your question related to? **
amazon-cognito-identity-js
** What AWS Services are you utilizing? **
AWS Cognito User Pools
** Provide additional details e.g. code snippets **
How do I use amazon-cognito-identity-js to get the scopes in the access_token? When I login using the web sign-in page I can see all default and custom scopes inside the access token, but when I use amazon-cognito-identity-js I get only the admin scope and nothing else.
The text was updated successfully, but these errors were encountered: