Created
June 7, 2020 10:25
OAuth 2.0 PKCE Flow with AWS Cognito - Login with public client, like CLI
import { | |
Issuer, | |
generators, | |
Client, | |
TokenSet, | |
CallbackParamsType, | |
} from "openid-client"; | |
const http = require('http'); | |
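// OAuth 2.0 authorization-code flow with PKCE for a public client (no client
// secret), using a short-lived local HTTP listener to receive the redirect.

// Fetch the user pool's OpenID Connect metadata (endpoints, keys) over HTTPS.
const issuer = await Issuer.discover('https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_VqitD3cvk/.well-known/openid-configuration');

// Must match a callback URL registered for the app client, character for character.
const redirectUri = 'http://localhost:6363';

// token_endpoint_auth_method 'none' marks this as a public client: nothing
// secret is shipped with the CLI, so the code exchange is protected by PKCE.
const client = new issuer.Client({
  client_id: '6oeov5dtf2tvu0tl557a5erp0g',
  redirect_uris: [redirectUri],
  response_types: ['code'],
  token_endpoint_auth_method: 'none',
});

// The verifier stays in this process; only its S256 hash goes to the browser.
const code_verifier = generators.codeVerifier();
const code_challenge = generators.codeChallenge(code_verifier);

// Per-login random value echoed back on the redirect. It lets the listener
// tell the response to THIS request apart from any other request that a local
// process or web page sends to the loopback port.
const state = generators.state();

const authorizationUrl = client.authorizationUrl({
  scope: 'openid',
  state,
  code_challenge,
  code_challenge_method: 'S256',
});

// Resolved by the listener once a redirect carrying the expected state arrives.
let resolveParams;
const paramsReceived = new Promise((resolve) => {
  resolveParams = resolve;
});

// Bind to the loopback name only: without a host argument the listener accepts
// connections on every interface, exposing the callback endpoint to the network.
const server = http.createServer((req, res) => {
  if (req.url.startsWith('/?')) {
    const received = client.callbackParams(req);
    // Ignore anything that does not carry our state, so a stray or forged
    // request cannot end the wait with someone else's parameters.
    if (received.state === state) {
      resolveParams(received);
      res.end('THX');
      return;
    }
  }
  res.end('Unsupported');
}).listen(6363, 'localhost');

let tokenSet;
try {
  // NOTE(review): `opn` is not imported anywhere on this page; it needs to be
  // brought into scope (the browser-opener package) for this line to run.
  opn(authorizationUrl);

  const params = await paramsReceived;

  // NOTE(review): scope 'openid' means the token response is expected to
  // contain an ID token. oauthCallback() is the plain OAuth 2.0 variant;
  // confirm whether client.callback(), which validates the ID token, is the
  // one wanted here.
  tokenSet = await client.oauthCallback(redirectUri, params, { code_verifier, state });
} finally {
  // Release the port even when the exchange fails or is rejected.
  server.close();
}

// Demo output only: this prints bearer tokens to stdout, where shell history,
// CI logs or terminal scrollback can capture them.
console.log(tokenSet);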