How do I integrate Amazon Cognito login in Postman

旧巷少年郎 2020-12-05 07:40

I was using Amazon Cognito user pool for login. When I access my web application I will redirect to

https://.auth..amazoncognito.         


        
3 Answers
  • 2020-12-05 08:10

    I have an example of doing this...

    1. The callback URL as defined in the Cognito User Pool console under App Integration / App client settings.
    2. The URL for the login endpoint of your domain. This will be under Cognito User Pool / App Integration / Domain Name
    3. Client ID is found under Cognito User Pool / General Settings / App clients
    4. List the scopes you want to include in the Access Token. These must be enabled under Cognito User Pool / App Integration / App client settings. These can be either standard or custom scopes. Custom scopes are defined under App Integration / Resource servers and must include the resource server ID (e.g. https://myresource.com/myscope)
    5. Click Request Token

    You may now log in to your Cognito User Pool and receive an Access Token! The problem is that once you have the Access Token it isn't usable within Postman because Cognito expects it to be bare and Postman automatically prepends 'Bearer' to the token.

    The token can be used in cURL though:

        curl -i -H "Authorization: dyJraWQiOiI1YVcwTUlqN1hBaHg4Yzh4Q3JNT2RsQjhZWjlCR3NQOE9BbkFlVFJtUklRPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI3YmEwZmMzOC01ZDcwkYS05MTI5ZTBmYTUzNTEiLCJ0b2tlbl91c2UiOiJhY2Nlc3MiLCJzY29wZSI6Imh0dHBzOlwvXC9hcGkubXk5MC5jb21cL3BvbGljZURlcGFydG1lbnRzLnJlYWQiLCJhdXRoX3RpbWUiOjE1NDA1OTIzMTYsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX2xIbGo4NXpRYSIsImV4cCI6MTU0MDU5NTkxNiwiaWF0IjoxNTQwNTkyMzE2LCJ2ZXJzaW9uIjoyLCJqdGkiOiJhN2JiOWU2MC1kNmY1LTQ3ODYtODMwYi0xODdkZDZmYTZlODAiLCJjbGllbnRfaWQiOiI2MzhlYmZ1dTdiZDRkMXVkYnRzY2pxcnJncyIsInVzZXJuYW1lIjoicm9qbyJ9.O_GAxfFX3IQfLUu5Hxr05Wrk_2QDwNSL8tvDdEU0Dzs9d1XhQPafT6ney6yiGnKPOwsO8HhWdbT1QdDmByjuwQAURf1Da4Au7c-yhfgJcqWuHWZ4mledTSP8ukXqihMb4PoaDdU4JXyOdMLa50dBXVMgJNyXTpIulWOxFhiTW6DeQbnxNDk94cGNz_CTKCEqKStiloFZfLR7ndSrWqdOQ_SU__YV0RyKXZyK5yguv3nkUcI6cuKpbPVIZ5DNdpufbrtOLuZcC6HePBKrbTKjSZCt5-swy3YrwnY4ApTX7QUFzof6FylWaLA_KVP3Zv6ksSJ_IjBMFH1NRVHh4lbsOA" \
          https://xxxxx.execute-api.us-east-1.amazonaws.com/v1/myresource/1234

    0 Discussion (0)
  • 2020-12-05 08:15

    The use case you want to implement can be achieved by using the OAuth 2.0 authorization. If you can get the Auth URL/Access Token URL, Client ID, and the Client Secret, you should be able to do it.

    Here's a link to the documentation of the various authorization types we support, including the above-mentioned one: https://www.getpostman.com/docs/v6/postman/sending_api_requests/authorization.

    Cheers.

    0 Discussion (0)
  • 2020-12-05 08:21

    by yl.

    Thanks to Robert Jordan for his above postman OAuth2.0 configuration post.

    I'll try to cover here the entire Cognito user pool definition part to make it easier.

    Ok,

    Open the Cognito console and follow the below stages:

    1) create new user pool

    name: Test1
    left panel menu->Attributes
    

    Select the following radio buttons:

    o Email address or phone number - Users can use an email address or phone number as
      their "username" to sign up and sign in.
       o Allow email addresses   
    

    And checkboxes:

    [v] email
    [v] name
    

    Press the [Create Pool] button. (if not available yet to the wizard - press [Review Details] option on the left panel menu)

    2) left panel menu->App Clients

    press: [add app client]

    App client name: me1

    clear all checkboxes but the:

    [v] Enable username password based authentication (ALLOW_USER_PASSWORD_AUTH)
    

    Leave Radio buttons as is:

    o Enabled (Recommended)
    

    press [create app client]

    3) copy and keep the 'App client id'

    this is a string format similar to 5psjts111111117jclis0mu28q

    4) left panel menu->App Client settings

    Enabled Identity Providers: [v]Select all
    [v] Cognito User Pool
    

    Callback URL(s): put the api gw url or https://www.google.com/

    OAuth 2.0
     Allowed OAuth Flows
       [v] Implicit grant
     Allowed OAuth Scopes
       [v] openid
    

    5) left panel menu->Domain name

    put a string in the prefix field, for instance: music123456789

    check if available using the 'check' button.

    your domain now is: https://music123456789.auth.us-east-1.amazoncognito.com

    6) left panel menu->Users and Groups

    press [Create user]

    Username (Required): Your.Mail@company.com

    clear all [v] check boxes

    Temporary password: Xx123456!

    eMail: Your.Mail@company.com

    7) in POSTMAN

    Press new Request

    enter the 'Authorization' tab

    Select TYPE: OAuth 2.0

    press the [Get new Access Token] button and fill in:

    Token Name: myToken123

    Grant Type: select 'implicit' from the listbox

    1. callback URL: https://www.google.com/
      (as in clause 4 or in cognito console->App Integration->App client settings)

    2. Auth URL: https://music123456789.auth.us-east-1.amazoncognito.com/login
      (as in clause 5 + '/login' suffix, what you have defined in cognito console->App Integration->Domain Name)

    3. Client ID: 5psjts343gm7gm7jclis0mu28q
      (the app client id - as in 3, what you have defined in cognito console->General Settings->App clients)

    4. Scope: openid
      (as in 4, what you have defined in cognito console->App client settings->Allowed OAuth Scopes)

    COGNITO to OKTA idp configuration

    When connecting Cognito to Okta IDP, Configuration should be as follows:

    Okta Setup

    Cognito Setup

    Postman setup

    0 Discussion (0)
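
The implicit-grant exchange that step 7 configures in Postman, as an added example that is not part of the original answers: it builds the hosted-UI /login URL from the sample domain, client ID and callback above, then reads the access token from the redirect fragment and checks its claims. The `state` value, the function names and the sample redirect are assumptions constructed for illustration, and the token signature is not verified here.

```python
import base64, json, time
from urllib.parse import urlencode, urlsplit, parse_qs
# Sample values from steps 3-5 of the walkthrough above.
DOMAIN = "https://music123456789.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "5psjts343gm7gm7jclis0mu28q"
CALLBACK = "https://www.google.com/"

def build_login_url(state, scope="openid"):
    """URL opened for the implicit grant (response_type=token)."""
    query = urlencode({"response_type": "token", "client_id": CLIENT_ID,
                       "redirect_uri": CALLBACK, "scope": scope, "state": state})
    return f"{DOMAIN}/login?{query}"

def decode_segment(segment):
    """Decode one base64url JWT segment to a dict. No signature check."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def read_callback(redirect_url, expected_state, now=None):
    """Pull the access token out of the redirect fragment and check its claims."""
    parts = urlsplit(redirect_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != CALLBACK:
        raise ValueError("redirect does not match the registered callback URL")
    frag = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    if "error" in frag:
        raise ValueError(f"authorization failed: {frag['error']}")
    if frag.get("state") != expected_state:  # state is an assumed addition
        raise ValueError("state mismatch")
    token = frag["access_token"]
    claims = decode_segment(token.split(".")[1])
    now = time.time() if now is None else now
    if claims.get("token_use") != "access":
        raise ValueError("not an access token")
    if claims.get("client_id") != CLIENT_ID:
        raise ValueError("token issued to a different app client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return token, claims

def make_sample_redirect(state, exp):
    """Constructed stand-in for Cognito's redirect; the signature is a dummy."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    payload = {"token_use": "access", "client_id": CLIENT_ID, "scope": "openid", "exp": exp}
    jwt = ".".join([enc({"alg": "RS256"}), enc(payload), "c2ln"])
    fragment = urlencode({"access_token": jwt, "token_type": "Bearer",
                          "expires_in": 3600, "state": state})
    return f"{CALLBACK}#{fragment}"

if __name__ == "__main__":
    token, claims = read_callback(make_sample_redirect("s1", time.time() + 3600), "s1")
    print(build_login_url("s1"), claims["scope"], sep="\n")
```

An API that accepts this token still has to verify the RS256 signature against the user pool's published keys; the claim checks here only catch a wrong, foreign or expired token on the client side.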