
I'm using the code below to get the access token of a logged-in user.

import 'package:amplify_auth_cognito/amplify_auth_cognito.dart';
import 'package:amplify_flutter/amplify_flutter.dart';

Future<void> fetchCognitoAuthSession() async {
  try {
    final cognitoPlugin = Amplify.Auth.getPlugin(AmplifyAuthCognito.pluginKey);
    final result = await cognitoPlugin.fetchAuthSession();
    // Serialize the user pool tokens result and log it.
    final userPoolTokensResult = result.userPoolTokensResult.toJson();
    safePrint("Current user's userPoolTokensResult: $userPoolTokensResult");
  } on AuthException catch (e) {
    safePrint('Error retrieving auth session: ${e.message}');
  }
}

But when I try to get the user using boto3, I get a not authorized exception.

import boto3
client = boto3.client('cognito-idp')
response = client.get_user(
    AccessToken='accesstoken')
print(response)

botocore.errorfactory.NotAuthorizedException: An error occurred (NotAuthorizedException) when calling the GetUser operation: Could not verify signature for Access Token

Am I doing something wrong, or is there a way to verify the signature?

I tried verifying the token on jwt.io and it says it's not signed, but I don't know how to proceed.

2 Answers


  1. Chosen as BEST ANSWER

    I realized the issue was with the token I was trying to get a user with. Flutter does not print the full token and this left out part of the signature. So me copying and pasting directly was the cause.


  2. You should add the following scope, "aws.cognito.signin.user.admin", along with the user login scope. Only then can you get user details using boto3. You can use the userInfo API endpoint to get user info instead of boto3; the userInfo API can be accessed without using "aws.cognito.signin.user.admin".

    Find the sample endpoint details below:

    GET https:///oauth2/userInfo
    headers={Authorization: Bearer <access_token>}

    Response sample:

    {
      "sub": "248289761001",
      "name": "Jane Doe",
      "given_name": "Jane",
      "family_name": "Doe",
      "preferred_username": "j.doe",
      "email": "[email protected]",
      "phone_number": "+12065551212",
      "email_verified": "true",
      "phone_number_verified": "true"
    }
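
The two answers above suggest two things to check before calling GetUser: that the pasted access token is complete, and that it carries the aws.cognito.signin.user.admin scope. The Python below is an added example, not code from the question or the answers; it does structural checks only (no signature verification), its function names are hypothetical, its sample token is constructed, and the 256-byte signature length assumes RS256 with a 2048-bit RSA key.

```python
import base64
import json
import time

RS256_SIG_BYTES = 256  # assumption: RS256 signature from a 2048-bit RSA key
ADMIN_SCOPE = "aws.cognito.signin.user.admin"  # scope named in answer 2


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def diagnose_access_token(token, now=None):
    """Structural checks only (no signature verification). Returns a list of problems."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return [f"expected 3 dot-separated segments, found {len(parts)}"]
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        signature = _b64url_decode(parts[2])
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return [f"segment does not decode: {exc}"]
    problems = []
    if header.get("alg") == "RS256" and len(signature) != RS256_SIG_BYTES:
        problems.append(f"signature is {len(signature)} bytes, expected {RS256_SIG_BYTES}")
    if claims.get("token_use") != "access":
        problems.append(f"token_use is {claims.get('token_use')!r}, not 'access'")
    if ADMIN_SCOPE not in claims.get("scope", "").split():
        problems.append(f"scope lacks {ADMIN_SCOPE}")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token is expired")
    return problems


def make_sample_token(scope=ADMIN_SCOPE):
    # Constructed sample: placeholder signature bytes, not a real Cognito token.
    segments = [json.dumps({"alg": "RS256", "kid": "constructed-kid"}).encode(),
                json.dumps({"token_use": "access", "scope": scope, "exp": 2000000000}).encode(),
                bytes(range(256))]
    return ".".join(base64.urlsafe_b64encode(s).rstrip(b"=").decode() for s in segments)


if __name__ == "__main__":
    whole = make_sample_token()
    print(diagnose_access_token(whole, now=1700000000))        # complete token
    print(diagnose_access_token(whole[:-40], now=1700000000))  # truncated paste
```

A token cut short by console output keeps a readable header and payload, so the short signature segment is the quickest sign that the paste is incomplete.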
        
            
    