Tags: javascript, amazon-web-services, amazon-cognito, aws-sdk, google-identity

How to include Google IDP in custom Cognito UI (JavaScript)


I'm trying to recreate the AWS Cognito Hosted UI in JavaScript (as I need I18N). I use the AWS JavaScript SDK V3.

My solution works fine with username/password logins. But I'm stuck with including external IDPs.

I configured Google as described here https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html and it works fine with the Hosted UI.

When I enter my own UI as callback, the UI gets called with a new URL parameter "code". I have no clue where/how to use this parameter to get Cognito tokens. It doesn't seem like the InitiateAuthCommand I use for username/password auth is the correct place to use the code, but I can't find a better suited function.

Anyone done this before?


Solution

  • That code you receive is a code grant as the Login URL is using response_type=code. You can exchange that code for the tokens using the token endpoint, see an example in the Token endpoint documentation:

    POST /oauth2/token HTTP/1.1
    Host: mydomain.auth.us-east-1.amazoncognito.com
    Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code&
    client_id=1example23456789&
    code=AUTHORIZATION_CODE&
    redirect_uri=com.myclientapp://myclient/redirect


    If you check the authorize endpoint documentation the response_type parameter can be code or token, if you use token it returns an implicit grant:

    An implicit grant is an ID and access token that Amazon Cognito appends to your redirect URL. An implicit grant is less secure because it exposes tokens and potential identifying information to users. You can deactivate support for implicit grants in the configuration of your app client.
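The exchange the answer describes, written out as browser JavaScript, as an added example that is not part of the original question or answer and not AWS SDK code. It reads the "code" parameter from the callback URL, POSTs it to the user pool's /oauth2/token endpoint with the authorization_code grant, and returns the token JSON. The domain, client id and redirect URI are placeholders; the optional code_verifier and the state comparison are assumptions about how the authorize request was built (PKCE and a stored state value), not something the original post uses.

```javascript
// Added example (not from the original post): exchange the "code" query
// parameter that Cognito appends to the callback URL for tokens at the
// user pool's /oauth2/token endpoint. Domain, client id and redirect URI
// are placeholders; replace them with your own app client's values.
const COGNITO_DOMAIN = "https://mydomain.auth.us-east-1.amazoncognito.com";
const CLIENT_ID = "1example23456789";
const REDIRECT_URI = "https://app.example.com/callback";

// Pull "code" (and "state", if you sent one on the authorize request)
// out of the callback URL. Returns null when "code" is missing or empty.
function parseCallbackUrl(url) {
  const params = new URL(url).searchParams;
  const code = params.get("code");
  if (!code) return null;
  return { code, state: params.get("state") };
}

// Build the form-encoded body for the authorization_code grant.
// codeVerifier is optional (assumption): pass it if you sent a
// code_challenge (PKCE) on the /oauth2/authorize request, which is the
// usual protection for a public browser client that has no client secret.
function buildTokenRequestBody({ code, codeVerifier }) {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    client_id: CLIENT_ID,
    code,
    redirect_uri: REDIRECT_URI,
  });
  if (codeVerifier) body.set("code_verifier", codeVerifier);
  return body.toString();
}

// POST to the token endpoint. fetchImpl defaults to the global fetch so
// the function can be exercised with a stub outside the browser.
async function exchangeCodeForTokens(code, { codeVerifier, fetchImpl = globalThis.fetch } = {}) {
  const response = await fetchImpl(`${COGNITO_DOMAIN}/oauth2/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: buildTokenRequestBody({ code, codeVerifier }),
  });
  const payload = await response.json();
  if (!response.ok) {
    // Cognito reports failures as a JSON object with an "error" field,
    // e.g. {"error": "invalid_grant"} for a reused or expired code.
    throw new Error(`token exchange failed: ${payload.error || response.status}`);
  }
  // payload carries id_token, access_token, refresh_token, expires_in, token_type
  return payload;
}

// Glue for the callback page: if a state value was stored before the
// redirect (assumed to live in sessionStorage), refuse a callback whose
// state does not match, then exchange the code.
async function handleCallback(url, expectedState, options) {
  const cb = parseCallbackUrl(url);
  if (!cb) throw new Error("no authorization code in callback URL");
  if (expectedState !== undefined && cb.state !== expectedState) {
    throw new Error("state mismatch: discarding callback");
  }
  return exchangeCodeForTokens(cb.code, options);
}
```

On the callback page you would call `handleCallback(window.location.href, sessionStorage.getItem("oauth_state"))` and keep the returned id_token and access_token the same way you keep the ones InitiateAuthCommand gives you for password logins. If the app client was created with a client secret, the token endpoint additionally expects an `Authorization: Basic base64(client_id:client_secret)` header, which a browser client cannot hold safely; a public app client without a secret is the usual fit for a custom UI like this.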