Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Cognito User Pool Auth Endpoints

  • Authorization endpoint
    • Used to sign the user in.
    • POST /oauth2/token
  • Login endpoint
    • The backend server redirects the user's browser to this endpoint and does not make the request itself.
    • GET /login
  • Token endpoint
    • Used to retrieve the user's tokens by providing the code returned by the SSO after the user hit the login endpoint. In this case grant_type is set to code.
    • Also used with a refresh token to retrieve a fresh access token, in which case grant_type must be specified as refresh_token.
    • The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (i.e. not a user redirect).
    • POST /oauth2/token
  • User info endpoint
    • Used to retrieve information about the user with the tokens obtained from the token endpoint.
    • The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (i.e. not a user redirect).
    • GET /oauth2/userInfo
  • Logout endpoint
    • The backend server redirects the user's browser to this endpoint and does not make the request itself.
    • GET /logout
  • Revocation endpoint
    • Used to invalidate all of the access tokens that were generated by the specified refresh token.
    • The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (i.e. not a user redirect).
    • POST /oauth2/revoke
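
The split between browser redirects and direct backend requests in the list above, as an added PHP example (not code from this blog): it builds the /login redirect URL with a `state` value, checks that value on the callback, and only then prepares the server-to-server POST /oauth2/token request that carries the client secret. The domain, client ID, redirect URI, secret and all function names are hypothetical; `authorization_code` is the literal grant_type value Cognito expects for the code exchange.

```php
<?php
// Added example; every value below is a constructed placeholder.
const DOMAIN = 'https://example-prefix.auth.eu-west-2.amazoncognito.com';
const CLIENT_ID = 'example-client-id';
const REDIRECT_URI = 'https://app.example.com/callback';

// Front channel: URL the backend redirects the browser to. No secret appears here.
function loginRedirectUrl(string $state): string
{
    return DOMAIN . '/login?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'scope'         => 'openid',
        'state'         => $state, // random per session, compared again on the callback
    ]);
}

// Back channel: [method, url, options] for GuzzleHttp\Client::request(); secret sent as HTTP Basic.
function tokenRequest(array $grant, string $clientSecret): array
{
    return ['POST', DOMAIN . '/oauth2/token', [
        'auth'        => [CLIENT_ID, $clientSecret],
        'form_params' => $grant + ['client_id' => CLIENT_ID],
    ]];
}

function codeGrant(string $code): array
{
    return ['grant_type' => 'authorization_code', 'code' => $code, 'redirect_uri' => REDIRECT_URI];
}
function refreshGrant(string $refreshToken): array
{
    return ['grant_type' => 'refresh_token', 'refresh_token' => $refreshToken];
}

// Callback handling: refuse to exchange the code unless state matches the stored value.
function handleCallback(array $query, string $expectedState, string $clientSecret): array
{
    if (!isset($query['state'], $query['code']) || !hash_equals($expectedState, (string) $query['state'])) {
        throw new RuntimeException('state mismatch or missing code; not exchanging');
    }
    return tokenRequest(codeGrant((string) $query['code']), $clientSecret);
}

$state = bin2hex(random_bytes(16)); // would be stored in the user's session
echo loginRedirectUrl($state), PHP_EOL;
print_r(handleCallback(['code' => 'constructed-code', 'state' => $state], $state, 'constructed-secret'));
print_r(tokenRequest(refreshGrant('constructed-refresh-token'), 'constructed-secret'));
```

With Guzzle installed, each returned array can be sent with `(new GuzzleHttp\Client())->request(...$request)`.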

The authorization endpoint and login endpoint appear to serve the same purpose, and thus it's hard to understand the difference between them.

Last updated: 20th October 2022
First published: 18th November 2021

This blog is created by Stuart Page

I'm a freelance web developer and technology consultant based in Surrey, UK, with over 10 years experience in web development, DevOps, Linux Administration, and IT solutions.
