Cognito User Pool Auth Endpoints
- Authorization endpoint
- Used to sign the user in.
GET /oauth2/authorize
- Login endpoint
- The backend server redirects the user's browser to this endpoint and does not make the request itself.
GET /login
- Token endpoint
- Used to retrieve the various user tokens, by providing the code retrieved from the SSO when the user hit the login endpoint.
- The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
POST /oauth2/token
- User info endpoint
- Used to retrieve information about the user through the use of their tokens which were retrieved through using the token endpoint.
- The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
GET /oauth2/userInfo
- Logout endpoint
- The backend server redirects the user's browser to this endpoint and does not make the request itself.
GET /logout
- Revocation endpoint
- Used to invalidate all of the access tokens that were generated by the specified refresh token.
- The backend of the client (PHP server) makes the request to this endpoint directly (e.g. a Guzzle request) and not through a browser (e.g. not a user redirect).
POST /oauth2/revoke
The authorization endpoint and login endpoint appear to serve the same purpose, so it's hard to understand the difference between them.
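The browser-redirect-then-backend-exchange split described above, as an added Python example (not code from the original notes): the backend builds the redirect URL for the hosted UI, records a state value and PKCE verifier in the server-side session, then validates the callback and prepares the server-to-server request to the token endpoint. The /oauth2/authorize path is assumed as the authorization endpoint, and DOMAIN, CLIENT_ID and REDIRECT_URI are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders; replace with the user pool's hosted domain and app client.
DOMAIN = "https://example-domain.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"


def b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def start_login(session: dict) -> str:
    """Return the URL the backend redirects the browser to (it does not call it).
    The state and PKCE verifier stay server-side for the callback check."""
    session["state"] = secrets.token_urlsafe(32)
    session["verifier"] = secrets.token_urlsafe(64)  # 86 chars, within 43..128
    challenge = b64url(hashlib.sha256(session["verifier"].encode()).digest())
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",
        "state": session["state"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{DOMAIN}/oauth2/authorize?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> dict:
    """Validate the redirect back to the app and build the token request that
    the backend sends directly (the browser never sees this exchange)."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise PermissionError(query["error"][0])
    # One-time state: popping it also stops a replayed callback from being accepted.
    if query.get("state", [None])[0] != session.pop("state", None):
        raise PermissionError("state mismatch: possible CSRF or replayed callback")
    return {
        "url": f"{DOMAIN}/oauth2/token",
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "data": {
            "grant_type": "authorization_code",
            "client_id": CLIENT_ID,
            "code": query["code"][0],
            "redirect_uri": REDIRECT_URI,
            "code_verifier": session.pop("verifier"),
        },
    }
```

If the app client has a secret, the backend adds it as HTTP Basic credentials on the token request; it never belongs in the browser redirect.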
Last updated: 18th November 2021
First published: 18th November 2021