OAuth 2.0 Authorization code grant using AWS Cognito and Postman

The authorization code grant is the preferred method for authorizing end users. Instead of directly providing user pool tokens to an end user upon authentication, an authorization code is provided. This code is then sent to a custom application that can exchange it for the desired tokens. Because the tokens are never exposed directly to an end user, they are less likely to become compromised.

Use Amazon Cognito for user authentication (sign in, sign up, login with identity providers, etc.) in front of an Amazon API Gateway. Usually the API endpoints control access using Amazon Cognito user pools as the authorizer.

For these types of APIs, testing the API using Postman is a good practice. Postman makes it easy to distribute the API contracts and lets you, as a developer, run different types of tests without a full-blown client implementation.
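The flow described above, sketched as an added example that is not from the video: the three steps a custom application performs against the Cognito hosted UI endpoints (`/oauth2/authorize` and `/oauth2/token`). The domain, client ID, client secret and redirect URI are assumed placeholders, the function names are hypothetical, and `state` is a random per-login value the caller generates (for instance with `secrets.token_urlsafe`).

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders; substitute your own user pool domain and app client.
DOMAIN = "https://example-domain.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"
REDIRECT_URI = "https://app.example.com/callback"


def build_authorize_url(state: str) -> str:
    """Step 1: URL the browser is sent to; Cognito redirects back with ?code=..."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": "openid",
                       "state": state})
    return f"{DOMAIN}/oauth2/authorize?{query}"


def extract_code(callback_url: str, expected_state: str) -> str:
    """Step 2: accept the code only if state matches the value we issued."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch; discarding callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def build_token_request(code: str) -> dict:
    """Step 3: server-side POST that trades the code for tokens (not sent here)."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return {
        "url": f"{DOMAIN}/oauth2/token",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code",
                           "client_id": CLIENT_ID, "code": code,
                           "redirect_uri": REDIRECT_URI}),
    }
```

The token request carries the client secret, so it belongs on the application's server side; in Postman the same three values go into the OAuth 2.0 authorization settings of the request.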

Comments

Thank you - shows exactly what I needed in Postman. One suggestion - re-record the video with the new "Experience" from AWS. Sorry, they changed the UI ... AGAIN :). This will bring more views.

georgesmith

thank you Ravi, very good explanation

carloscontreraschavez

Great tutorial - gave you thumbs-up. Just one little detail that evaded me. On the diagram you showed the user clicking on a login link (top left), but then we seem to only simulate that click with postman, right? I don't think there was an actual link on a page that this end-user clicked. Thanks in advance for confirming.

georgesmith

Thanks for this video Raavi. I have a question: once you get the access tokens, should they be stored to invoke subsequent API calls? I have been using the implicit grant flow so far, and as far as I understand, after getting access tokens these are stored in the browser's cookies for later calls. It does not come clear to me what to do with these tokens in the authorization code grant flow. Thanks a lot!

alejopaullier