OAuth 2.0 PKCE Flow with AWS Cognito - Login with public client, like CLI
import { | |
Issuer, | |
generators, | |
Client, | |
TokenSet, | |
CallbackParamsType, | |
} from "openid-client"; | |
const http = require('http'); | |
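// OAuth 2.0 authorization-code flow with PKCE for a public client (no client
// secret). A temporary HTTP listener on the loopback interface receives the
// redirect from the browser, then the code is exchanged for tokens.
// NOTE(review): `opn` is called below but is not imported in this listing; the
// surrounding file has to bring it into scope.

const REDIRECT_URI = 'http://localhost:6363';

const issuer = await Issuer.discover('https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_VqitD3cvk/.well-known/openid-configuration');
const client = new issuer.Client({
  client_id: '6oeov5dtf2tvu0tl557a5erp0g',
  redirect_uris: [REDIRECT_URI],
  response_types: ['code'],
  // Public client: nothing authenticates it at the token endpoint, so the
  // PKCE verifier is what binds the authorization code to this process.
  token_endpoint_auth_method: 'none',
});

const code_verifier = generators.codeVerifier();
const code_challenge = generators.codeChallenge(code_verifier);
// Per-run random value echoed back by the authorization server; it lets the
// listener tell the genuine redirect apart from any other request to the port.
const state = generators.state();

const authorizationUrl = client.authorizationUrl({
  scope: 'openid',
  state,
  code_challenge,
  code_challenge_method: 'S256',
});

// Resolved by the request handler once the matching redirect has arrived.
let deliverParams;
const callbackReceived = new Promise((resolve) => {
  deliverParams = resolve;
});

const server = http.createServer((req, res) => {
  if (!req.url.startsWith('/?')) {
    res.end('Unsupported');
    return;
  }
  const received = client.callbackParams(req);
  if (received.state !== state) {
    // Not the response to the request sent above: reject it and keep waiting,
    // so a stray request cannot end the flow.
    res.statusCode = 400;
    res.end('Unsupported');
    return;
  }
  res.end('THX');
  deliverParams(received);
});

try {
  // Bind to the loopback name only; listen(port) without a host accepts
  // connections on every interface of the machine.
  await new Promise((resolve, reject) => {
    server.once('error', reject);
    server.listen(6363, 'localhost', resolve);
  });

  opn(authorizationUrl);
  const params = await callbackReceived;

  // NOTE(review): the scope includes 'openid', so the token response presumably
  // carries an ID token; client.callback() is the openid-client method that
  // validates it. Confirm which of the two the installed version expects.
  const tokenSet = await client.oauthCallback(REDIRECT_URI, params, { code_verifier, state });

  // Prints the issued tokens to stdout; keep this to interactive demo use,
  // not to runs whose output is captured into logs.
  console.log(tokenSet);
} finally {
  // Release the port even when discovery, the redirect or the exchange fails.
  server.close();
}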