16
votes

I'm using the AWS Cognito UI for login with the authorization code grant flow and successfully getting the authorization code, but I'm getting a 405 Method Not Allowed error when a POST request is made to the oauth2/token endpoint via Postman.

The app client is set up in the Cognito User Pool with an app secret, passing appclientid:appclientsecret as the Authorization header in base64 encoding.


7 Answers

9
votes

As stated in the documentation:

Content-Type Must always be 'application/x-www-form-urlencoded'.

Source: https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

7
votes

Use Basic Auth for Authentication and provide Username=client_id, Password=client_secret

Use POST method

Use Body = x-www-form-urlencoded

Don't forget to use the State value in the Body as well.

3
votes

I had a similar problem. In my case I had to change the Accept header to */*.

When I had it as Accept=text/html,application/xhtml+xml,application/xml it responded with 405 to the /token endpoint. Hopefully that helps somebody.

2
votes

I was writing code in C# to get a token with the authorization_code grant type, and all calls were failing with a 405 Method Not Allowed status.

According to the AWS documentation, the following URL and parameters should be used:

POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token&
Content-Type='application/x-www-form-urlencoded'&
Authorization=Basic aSdxd892iujendek328uedj

grant_type=authorization_code&
client_id=djc98u3jiedmi283eu928&
code=AUTHORIZATION_CODE&
redirect_uri=com.myclientapp://myclient/redirect

After spending 2 hours, I found out that removing the & from the URL would solve the issue, so make sure your request looks like this:

POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token
Content-Type='application/x-www-form-urlencoded'
Authorization=Basic aSdxd892iujendek328uedj

grant_type=authorization_code&
client_id=djc98u3jiedmi283eu928&
code=AUTHORIZATION_CODE&
redirect_uri=com.myclientapp://myclient/redirect

0
votes
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

// Requests tokens from the Cognito /oauth2/token endpoint using HTTP Basic client authentication.
static async Task<string> RequestTokenAsync()
{
    var strClientSecret = "your_clientId:your_clientsecret";
    var client = new HttpClient();
    var body = new Dictionary<string, string>();
    body.Add("grant_type", "client_credentials");
    body.Add("client_id", "your_appclientid");
    body.Add("redirect_uri", "your_callbackurl");

    // FormUrlEncodedContent sets Content-Type: application/x-www-form-urlencoded on the body itself;
    // Content-Type is a content header, so it does not belong in DefaultRequestHeaders.
    var content = new FormUrlEncodedContent(body);
    var autho = System.Text.Encoding.UTF8.GetBytes(strClientSecret);
    var base64Autho = Convert.ToBase64String(autho);
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", base64Autho);

    var response = await client.PostAsync("https://your_domain.auth.ap-south-1.amazoncognito.com/oauth2/token", content);
    return await response.Content.ReadAsStringAsync();
}

0
votes

Well, just in case it helps anybody.

I was facing a 405 in Postman while trying to retrieve the respective JWT tokens (id_token, access_token, refresh_token) using the grant_type authorization_code.

The reason was the headers section, where I was using 'application/x-www-form-urlencoded' as the value for Content-Type, i.e. with single quotes. When I removed these single quotes and used application/x-www-form-urlencoded directly, it started working.
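Pulling the answers in this thread together, here is an added example in Node.js (not from the question or any of the answers) that builds a token request the way the endpoint expects and checks a request for the mistakes described above: a non-POST method, a '&' or anything else appended to the /oauth2/token URL, a quoted Content-Type value, a restrictive Accept header, a missing Basic credential, and missing body parameters. The domain, client id, secret, authorization code and redirect URI are constructed placeholders; Buffer and URLSearchParams are Node built-ins.

```javascript
// Added example, not code from the question or any answer.
// All identifiers passed to buildTokenRequest below are constructed placeholders.

// Build a POST to the Cognito /oauth2/token endpoint for the authorization_code grant.
function buildTokenRequest({ domain, clientId, clientSecret, code, redirectUri }) {
  // HTTP Basic client authentication: base64("client_id:client_secret")
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  // URLSearchParams percent-encodes the code and the redirect URI for the form body
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    code,
    redirect_uri: redirectUri,
  }).toString();
  return {
    method: "POST",
    url: `${domain}/oauth2/token`, // nothing appended: no query string, no trailing '&'
    headers: {
      "Content-Type": "application/x-www-form-urlencoded", // unquoted value
      "Accept": "*/*",
      "Authorization": `Basic ${basic}`,
    },
    body,
  };
}

// Return the list of problems found in a request object; an empty list means
// the request has the shape the token endpoint expects.
function checkTokenRequest(req) {
  const problems = [];
  if (req.method !== "POST") {
    problems.push("method must be POST");
  }
  if (!/\/oauth2\/token$/.test(req.url)) {
    problems.push("URL must end in /oauth2/token with nothing appended");
  }
  const ct = req.headers["Content-Type"];
  if (ct !== "application/x-www-form-urlencoded") {
    problems.push(`Content-Type must be application/x-www-form-urlencoded, got ${JSON.stringify(ct)}`);
  }
  const accept = req.headers["Accept"];
  if (accept !== undefined && !/\*\/\*|application\/json/.test(accept)) {
    problems.push("Accept should allow */* or application/json");
  }
  if (!/^Basic [A-Za-z0-9+/]+=*$/.test(req.headers["Authorization"] || "")) {
    problems.push("Authorization must be Basic base64(client_id:client_secret)");
  }
  const params = new URLSearchParams(req.body);
  for (const k of ["grant_type", "client_id", "code", "redirect_uri"]) {
    if (!params.get(k)) {
      problems.push(`body missing ${k}`);
    }
  }
  return problems;
}

// Decode the Basic credential back to "client_id:client_secret" (useful when
// checking what Postman actually put on the wire).
function decodeBasic(authorizationHeader) {
  const b64 = authorizationHeader.replace(/^Basic /, "");
  return Buffer.from(b64, "base64").toString("utf8");
}

module.exports = { buildTokenRequest, checkTokenRequest, decodeBasic };
```

To send the built request on Node 18 or later, pass its fields to the global fetch: `fetch(req.url, { method: req.method, headers: req.headers, body: req.body })`. Running checkTokenRequest on a request that reproduces the thread's failures (URL ending in '&', a quoted Content-Type, an Accept of text/html,application/xhtml+xml,application/xml) reports one problem for each.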

0
votes

I resolved this 405 Method Not Allowed error on the AWS Cognito oauth2/token endpoint by writing my code as shown below, and it worked fine. I took help from this link and used the correct format for both the header and body parameters in the fetch request:

https://formcarry.com/documentation/fetch-api-example

  // Basic auth credential: base64("clientId:clientSecret")
  const authData = btoa(`${config.clientId}:${config.clientSecret}`);
  // the authorization code Cognito appended to the redirect URI as ?code=...
  const code = new URLSearchParams(window.location.search).get("code");

  const requestOptions = {
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      "Authorization": `Basic ${authData}`,
      "Accept": "application/json"
    },
    // URLSearchParams percent-encodes the code and redirect URI for the form body
    body: new URLSearchParams({
      grant_type: config.grant_type,
      code: code,
      client_id: config.clientId,
      redirect_uri: config.loginRedirectUri
    }).toString()
  }

  fetch(`${config.domainUrl}/oauth2/token`, requestOptions)
    .then(response => {
      if (!response.ok) throw new Error(`token endpoint returned ${response.status}`);
      return response.json();
    })
    .then(data => {
      sessionStorage.setItem("access_token", data.access_token)
      fetchUserDetails(data.access_token)  // app-specific function defined elsewhere
    })
    .catch(err => console.error(err))

I used a config file to save variables.

const config = {
  domainUrl: "https://domainname.auth.origin.amazoncognito.com",
  clientId: "xxxxxxxxxxxx",
  loginRedirectUri: "http://localhost:8000/redirecturi",
  grant_type: "authorization_code",
  logoutUri: "http://localhost:8000",
  clientSecret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}