Marcelo Olivas
05/21/2021, 2:25 AM{
"error": "invalid_scope"
}
when trying to get my token from the POST <https://service-api-pool-domain-jedi-master.auth.us-east-1.amazoncognito.com/oauth2/token>
here’s my infra code:
import * as cognito from "@aws-cdk/aws-cognito";
import * as apiAuthorizers from "@aws-cdk/aws-apigatewayv2-authorizers";
import * as sst from "@serverless-stack/resources";
export default class MyStack extends sst.Stack {
constructor(scope, id, props) {
super(scope, id, props);
//Create user pool
const userPool = new cognito.UserPool(this, "UserPool", {
userPoolName: "UserPool"
})
new cognito.CfnUserPoolResourceServer(this, "dev-userpool-resource-server", {
identifier: "vehicles",
name: "vehicles api",
userPoolId: userPool.userPoolId,
scopes: [
{
scopeDescription: "Get vehicles",
scopeName: "read",
},
],
});
const userPoolClient = new cognito.UserPoolClient(this, "UserPoolClient", {
userPool,
generateSecret: true,
preventUserExistenceErrors: true,
oAuth: {
flows: {
clientCredentials: true,
},
scopes: [cognito.OAuthScope.custom("vehicles/read")]
},
authFlows: {
userSrp: true,
refreshToken: true
},
supportedIdentityProviders: [cognito.UserPoolClientIdentityProvider.COGNITO]
})
new cognito.UserPoolDomain(this, "UserPoolDomain", {
userPool,
cognitoDomain: {
domainPrefix: 'service-api-pool-domain-jedi-master'
}
})
// Create the HTTP API
const api = new sst.Api(this, "Api", {
defaultAuthorizer: new apiAuthorizers.HttpUserPoolAuthorizer({
userPool,
userPoolClient
}),
defaultAuthorizationType: sst.ApiAuthorizationType.JWT,
routes: {
"GET /vehicles": "src/list.main",
"GET /vehicles/{id}": "src/get.main",
"PUT /vehicles/{id}": "src/update.handler"
},
});
// Show API endpoint in output
this.addOutputs({
"ApiEndpoint": api.url,
});
}
}
Frank
Marcelo Olivas
05/21/2021, 1:26 PMFrank
userPool.addResourceServer()
instead of this:
new cognito.CfnUserPoolResourceServer(this, "dev-userpool-resource-server", {
identifier: "vehicles",
name: "vehicles api",
userPoolId: userPool.userPoolId,
scopes: [
{
scopeDescription: "Get vehicles",
scopeName: "read",
},
],
});
https://docs.aws.amazon.com/cdk/api/latest/docs/aws-cognito-readme.html#resource-serversMarcelo Olivas
05/21/2021, 4:17 PMconst userPool = new cognito.UserPool(this, "UserPool", {
userPoolName: "UserPool"
})
const userPoolClient = new cognito.UserPoolClient(this, "UserPoolClient", {
userPool,
generateSecret: true,
preventUserExistenceErrors: true,
authFlows: {
userSrp: true,
refreshToken: true
},
supportedIdentityProviders: [cognito.UserPoolClientIdentityProvider.COGNITO]
})
new cognito.UserPoolDomain(this, "UserPoolDomain", {
userPool,
cognitoDomain: {
domainPrefix: 'service-api-pool-domain-jedi-master'
}
})
I still get the error: invalid_scope
.🤷♂️