Cognito User Pool Auth Endpoints
- Authorization endpoint
  - Used to sign the user in.
  - `POST /oauth2/token`
- Login endpoint
  - The backend server redirects the user's browser to this endpoint and does not make the request itself.
  - `GET /login`
- Token endpoint
  - Can be used to retrieve the various user tokens by providing the `code` retrieved from the SSO when the user hit the login endpoint. In this case `grant_type` is set to `code`.
  - Also used with a provided refresh token in order to retrieve a fresh access token, in which case `grant_type` must be set to `refresh_token`.
  - The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
  - `POST /oauth2/token`
- User info endpoint
  - Used to retrieve information about the user through the use of their tokens, which were retrieved through the token endpoint.
  - The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
  - `GET /oauth2/userInfo`
- Logout endpoint
  - The backend server redirects the user's browser to this endpoint and does not make the request itself.
  - `GET /logout`
- Revocation endpoint
  - Used to invalidate all of the access tokens that were generated by the specified refresh token.
  - The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
  - `POST /oauth2/revoke`
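As an added example (not code from this page, and not the PHP/Guzzle backend it describes), the split between the endpoints the browser is redirected to and the endpoints the backend calls directly, written in Python. Everything in it is an assumption: the user pool domain, client id and secret, redirect URI, codes and tokens are constructed placeholders, the HTTP layer is injectable so the flow can be exercised offline, and the code exchange sends `grant_type=authorization_code`, the value Cognito's token endpoint accepts for that grant. It also adds a `state` check on the callback, which the page does not discuss, so that a code planted by someone else cannot be exchanged inside this user's session.

```python
"""Backend helpers for the Cognito hosted-UI OAuth2 endpoints (added example)."""
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen


def _default_transport(method, url, headers, body=None):
    """Real HTTP transport; replaced by a fake in offline use."""
    req = Request(url, data=body, headers=headers, method=method)
    with urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()


def new_state():
    """Unguessable per-login value; store it in the session before redirecting."""
    return secrets.token_urlsafe(32)


def login_redirect_url(domain, client_id, redirect_uri, scopes, state):
    """URL the backend sends the BROWSER to (GET /login); the server never calls it."""
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_uri, "scope": " ".join(scopes), "state": state}
    return f"https://{domain}/login?{urlencode(query)}"


def code_from_callback(query_string, expected_state):
    """Extract the one-time code from the redirect back to redirect_uri.
    A state mismatch means the callback was not started by this session."""
    params = parse_qs(query_string)
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discarding callback")
    if "error" in params:
        raise RuntimeError(f"authorization failed: {params['error'][0]}")
    return params["code"][0]


def _client_auth_header(client_id, client_secret):
    # Confidential client: the secret travels in HTTP Basic auth, never via the browser.
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def _token_request(domain, client_id, client_secret, form, transport):
    """Shared POST /oauth2/token call, made directly by the backend."""
    headers = {"Authorization": _client_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    status, body = transport("POST", f"https://{domain}/oauth2/token", headers,
                             urlencode(form).encode())
    payload = json.loads(body)
    if status != 200 or "error" in payload:
        raise RuntimeError(f"token endpoint error: {payload.get('error', status)}")
    return payload


def exchange_code(domain, client_id, client_secret, redirect_uri, code,
                  transport=_default_transport):
    """Code -> id/access/refresh tokens (grant_type=authorization_code)."""
    form = {"grant_type": "authorization_code", "client_id": client_id,
            "code": code, "redirect_uri": redirect_uri}
    return _token_request(domain, client_id, client_secret, form, transport)


def refresh_access_token(domain, client_id, client_secret, refresh_token,
                         transport=_default_transport):
    """Refresh token -> fresh access/id tokens (grant_type=refresh_token)."""
    form = {"grant_type": "refresh_token", "client_id": client_id,
            "refresh_token": refresh_token}
    return _token_request(domain, client_id, client_secret, form, transport)


def user_info(domain, access_token, transport=_default_transport):
    """GET /oauth2/userInfo with the access token as a Bearer token (backend call)."""
    status, body = transport("GET", f"https://{domain}/oauth2/userInfo",
                             {"Authorization": f"Bearer {access_token}"})
    if status != 200:
        raise RuntimeError(f"userInfo returned {status}")
    return json.loads(body)


def revoke_refresh_token(domain, client_id, client_secret, refresh_token,
                         transport=_default_transport):
    """POST /oauth2/revoke: kills the refresh token and every access token it issued."""
    headers = {"Authorization": _client_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    form = {"token": refresh_token, "client_id": client_id}
    status, _ = transport("POST", f"https://{domain}/oauth2/revoke", headers,
                          urlencode(form).encode())
    return status == 200


class RecordingTransport:
    """Offline stand-in for HTTP: records each call and returns constructed JSON."""
    def __init__(self):
        self.calls = []

    def __call__(self, method, url, headers, body=None):
        self.calls.append((method, url, headers, body))
        if url.endswith("/oauth2/token"):
            tokens = {"access_token": "A.constructed", "id_token": "I.constructed",
                      "token_type": "Bearer", "expires_in": 3600}
            if b"grant_type=refresh_token" not in (body or b""):
                tokens["refresh_token"] = "R.constructed"  # only issued on code exchange
            return 200, json.dumps(tokens).encode()
        if url.endswith("/oauth2/userInfo"):
            return 200, json.dumps({"sub": "constructed-sub", "email": "user@example.com"}).encode()
        if url.endswith("/oauth2/revoke"):
            return 200, b""
        return 404, b"{}"
```

The fake transport is the offline half of the example: swap in `_default_transport` (or a Guzzle call in the PHP backend) and the same request shapes go to the real user pool domain. Note that every function except `login_redirect_url` runs server-side; the login and logout URLs are only ever handed to the browser.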
The authorization endpoint and the login endpoint appear to serve the same purpose, so it's hard to understand the difference between them.
Last updated: 20th October 2022
First published: 18th November 2021