Thanks for the video! Do you know if it's possible to set up a code grant flow with PKCE without going through Cognito Hosted UI? We have a custom authentication app and we would like to avoid reinventing the wheel if Cognito offers a solution out of the box.
It is not possible. But, you can use Cognito custom authentication flows in case you want to continue with your current authentication app. The only problem is that you need to build the PKCE flows which is not advisable.
@securityinaction1018 Hmmm it should be simple enough: a custom auth flow + a DynamoDB table with a short TTL to store the code challenges. More work than if Cognito has a dedicated endpoint or an existing option on InitiateAuth(), but still achievable. Thanks a lot for the reply :)
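Added example, not from the video or from either commenter: the server-side checks a hand-built PKCE step has to get right (S256 only, single-use codes, expiry enforced in code, constant-time comparison). The `ChallengeStore` class, its method names and the 60-second lifetime are assumptions, and an in-memory dict stands in for the DynamoDB table.

```python
import base64
import hashlib
import hmac
import re
import secrets
import time

CODE_TTL_SECONDS = 60  # assumed short lifetime for an authorization code
VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")  # RFC 7636 section 4.1


def s256(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ascii(verifier))), padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class ChallengeStore:
    """Hypothetical in-memory stand-in for a table keyed by authorization code."""

    def __init__(self, now=time.time):
        self._items = {}
        self._now = now

    def issue_code(self, challenge: str, method: str = "S256") -> str:
        if method != "S256":  # refuse the weaker "plain" method
            raise ValueError("only S256 is accepted")
        code = secrets.token_urlsafe(32)
        self._items[code] = (challenge, self._now() + CODE_TTL_SECONDS)
        return code

    def redeem(self, code: str, verifier: str) -> bool:
        # pop() makes the code single-use even when verification fails;
        # against a real table this would be a delete that returns the old item.
        item = self._items.pop(code, None)
        if item is None:
            return False
        challenge, expires_at = item
        # DynamoDB TTL deletion is not immediate, so expiry is checked here too.
        if self._now() >= expires_at:
            return False
        if not VERIFIER_RE.fullmatch(verifier):
            return False
        return hmac.compare_digest(s256(verifier), challenge)
```
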
Hi, I'm trying the custom Lambda authorizer using Cognito, OpenID and Okta, but none of them works fine. I need to do machine-to-machine authorization and get/put the value from DynamoDB.
Custom Authorizer is not required for Lambda. You can follow this video ua-cam.com/video/4n5Ssr3NZRc/v-deo.html to configure Cognito as the authorizer. For Okta, you can either use HTTP API or REST API. For HTTP API, follow this video ua-cam.com/video/3y_UAPzmv1g/v-deo.html. For REST API, I am yet to post a video.
@securityinaction1018 I am doing machine-to-machine authorization where, from the API endpoint, I will hit the Lambda; the Lambda will fetch the client credentials which are in the OAuth, validate them, and after that it will put/get the records from DynamoDB. None of the Lambda auth code found on GitHub is working fine, and the other blogs have not given the correct direction on how to do it. I'm validating via header, FYI. Ignore my typos.
You can follow this blog awskarthik82.medium.com/part-1-securing-aws-api-gateway-using-aws-cognito-oauth2-scopes-410e7fb4a4c0 which uses machine-to-machine authorization using client credentials grant.
Please subscribe to this channel for regular updates ua-cam.com/channels/EEayyyCrJO94FYlzF0NLTg.html
Thank You for the support.
Outstanding, really outstanding helpful video. Thank you.
Glad it was helpful!
Please like, subscribe & share this video / channel !! Thanks in advance.
Great, that works :)
Is there any example on how to achieve this in Angular?
I have not tried with Angular. You can search in Google for some solution.