Programster's Blog


Cognito User Pool Auth Endpoints

  • Authorization endpoint
    • Used to sign the user in.
    • POST /oauth2/token
  • Login endpoint
    • The backend server redirects the user's browser to this endpoint and does not make the request itself.
    • GET /login
  • Token endpoint
    • Used to retrieve the various user tokens by providing the code that the SSO returned when the user went through the login endpoint. In this case grant_type is set to code.
    • Also used with a previously issued refresh token in order to retrieve a fresh access token, in which case grant_type must be set to refresh_token.
    • The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
    • POST /oauth2/token
  • User info endpoint
    • Used to retrieve information about the user through the use of their tokens which were retrieved through using the token endpoint.
    • The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
    • GET /oauth2/userInfo
  • Logout endpoint
    • The backend server redirects the user's browser to this endpoint and does not make the request itself.
    • GET /logout
  • Revocation endpoint
    • Used to invalidate all of the access tokens that were generated by the specified refresh token.
    • The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
    • POST /oauth2/revoke

The authorization endpoint and login endpoint appear to serve the same purpose, so it's hard to understand the difference between them.
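As an added example that is not part of the original post, the following Python (standing in for the PHP/Guzzle backend the post describes) builds each request a backend would make: the login and logout endpoints only yield URLs to redirect the browser to, while the token, userInfo and revoke endpoints are called server-to-server with the client secret kept on the server. It uses the standard OAuth 2.0 grant_type value `authorization_code` for the code exchange; the pool domain, client id, client secret and redirect URI are constructed placeholders.

```python
import base64
import secrets
from urllib.parse import urlencode
# Constructed placeholders: substitute the pool's hosted-UI domain and app client.
DOMAIN = "https://example-pool.auth.eu-west-1.amazoncognito.com"
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-client-secret"
REDIRECT_URI = "https://app.example.com/callback"
FORM = {"Content-Type": "application/x-www-form-urlencoded"}

def _client_auth():
    # HTTP Basic with the app client's id and secret; the secret never leaves the server.
    return "Basic " + base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()

def login_redirect_url(state):
    # Browser redirect only: the server builds this URL, keeps state in the session, never calls it.
    query = {"client_id": CLIENT_ID, "response_type": "code", "scope": "openid",
             "redirect_uri": REDIRECT_URI, "state": state}
    return f"{DOMAIN}/login?{urlencode(query)}"

def logout_redirect_url():
    return f"{DOMAIN}/logout?{urlencode({'client_id': CLIENT_ID, 'logout_uri': REDIRECT_URI})}"

def token_request(code=None, refresh_token=None):
    # Server-to-server POST /oauth2/token: exchange a code, or present a refresh token.
    if code is not None:
        body = {"grant_type": "authorization_code", "client_id": CLIENT_ID,
                "code": code, "redirect_uri": REDIRECT_URI}
    else:
        body = {"grant_type": "refresh_token", "client_id": CLIENT_ID,
                "refresh_token": refresh_token}
    return {"method": "POST", "url": f"{DOMAIN}/oauth2/token",
            "headers": {"Authorization": _client_auth(), **FORM}, "body": urlencode(body)}

def userinfo_request(access_token):
    # Server-to-server GET /oauth2/userInfo, authenticated with the access token.
    return {"method": "GET", "url": f"{DOMAIN}/oauth2/userInfo",
            "headers": {"Authorization": f"Bearer {access_token}"}}

def revoke_request(refresh_token):
    # Server-to-server POST /oauth2/revoke: invalidates the refresh token and its access tokens.
    return {"method": "POST", "url": f"{DOMAIN}/oauth2/revoke",
            "headers": {"Authorization": _client_auth(), **FORM},
            "body": urlencode({"token": refresh_token, "client_id": CLIENT_ID})}

def handle_callback(query, expected_state):
    # Refuse to exchange the code unless state matches the session's value (constant-time).
    if not secrets.compare_digest(query.get("state", ""), expected_state):
        raise ValueError("state mismatch")
    return token_request(code=query["code"])
```

The dicts returned by the `*_request` functions are the method, URL, headers and form body a Guzzle or requests call would send; only the two `*_redirect_url` values ever reach the browser.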

Last updated: 20th October 2022
First published: 18th November 2021