Create Cognito using CloudFormation
aws cloudformation create-stack --stack-name mac-cognito --template-body file://cloudformation/cognito.yml
Update config.
Add the values of CognitoUserPoolId and CognitoWebClientId from the CloudFormation Output into mac-ngweb\src\environments\environment.ts
Add https://cognito-idp.ap-southeast-1.amazonaws.com/{USER_POOL_ID} into mac-bootapi\src\main\resources\application.properties
Run Web app
Run API
cd mac-bootapi
mvn spring-boot:run
Test Web client (uses amazon-cognito-identity-js for registration and login)
Open http://localhost:4200/signup and try to register
Open the AWS Console and confirm the user
Open http://localhost:4200/singin and try to log in
Test API client (uses the client credentials flow to get an access_token)
Open the App client MacApiClient in the AWS web console.
Click the Edit button under Hosted UI and then click Save changes. (For some reason the Save changes button has to be clicked in order to get an access_token without an invalid_grant error.)
Get access_token
curl --location --request POST 'https://macweb.auth.ap-southeast-1.amazoncognito.com/oauth2/token?grant_type=client_credentials&client_id={CLIENT_ID}&scope=https://localhost/macall' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {BASE_64(CLIENT_ID:CLIENT_SECRET)}'
Reference: https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
Call API from resource server
curl --location --request GET 'http://localhost:8080/products' \
--header 'Authorization: Bearer {ACCESS_TOKEN}'
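An added example (not part of the original README): if the API call above is rejected, this decodes the access_token and checks the claims that a resource server configured with the issuer URL from the config step would expect. The pool id placeholder, the function names and the sample-token helper are assumptions made for illustration, and the signature is not verified here (the resource server does that against the pool's published keys).

```python
import base64
import json
import time

# Assumed values: the region is the one in the README, the pool id is a placeholder.
ISSUER = "https://cognito-idp.ap-southeast-1.amazonaws.com/ap-southeast-1_EXAMPLE"
REQUIRED_SCOPE = "https://localhost/macall"


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_access_token(token, issuer=ISSUER, scope=REQUIRED_SCOPE, now=None):
    """Return claim problems ([] means the claims look right). No signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]
    problems = []
    if header.get("alg") != "RS256":  # Cognito signs its tokens with RS256
        problems.append(f"unexpected alg {header.get('alg')!r}")
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} does not match configured issuer")
    if claims.get("token_use") != "access":  # an id token must not be accepted here
        problems.append(f"token_use is {claims.get('token_use')!r}, expected 'access'")
    if scope not in str(claims.get("scope", "")).split():
        problems.append(f"scope {scope!r} not granted")
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def make_sample_token(claims, alg="RS256"):
    """Build a constructed token with a dummy signature, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'kid': 'constructed'})}.{enc(claims)}.c2ln"
```

Pass the real pool's issuer URL as `issuer` and the token returned by the curl call as `token`; an empty list means the rejection is not caused by these claims.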