How to generate access token for an AWS Cognito user?

There is an AWS CLI command to generate auth tokens. You can use the InitiateAuth CLI command for this.

Note: Make sure you have done the UserPool configuration matching the expected tokens.


Use the following command to generate the auth tokens; fill in the xxxx appropriately based on your Cognito configuration:

aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --client-id xxxx --auth-parameters USERNAME=xxxx,PASSWORD=xxxx

Note: You can use any one username or password under the applicable Cognito user pool. The client can be found under General settings --> App client.

The AccessKeyId and SecretAccessKey are not required, as they are already defined while setting up the AWS CLI. If not done, use the following link to set that up first: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html


You can do this using the following CLI commands:

Register a user

aws cognito-idp sign-up --region {your-aws-region} --client-id {your-client-id} --username {your-username} --password password123

Confirm user registration

aws cognito-idp admin-confirm-sign-up --region {your-aws-region} --user-pool-id {your-user-pool-id} --username {your-username}

Authenticate (get tokens)

aws cognito-idp admin-initiate-auth --region {your-aws-region} --cli-input-json file://auth.json

Where auth.json is:

{
    "UserPoolId": "{your-user-pool-id}",
    "ClientId": "{your-client-id}",
    "AuthFlow": "ADMIN_NO_SRP_AUTH",
    "AuthParameters": {
        "USERNAME": "{your-username}",
        "PASSWORD": "password123"
    }
}

You should get a response like this if everything is set up correctly:

{
    "AuthenticationResult": {
        "ExpiresIn": 3600,
        "IdToken": "{your-idtoken}",
        "RefreshToken": "{your-refresh-token}",
        "TokenType": "Bearer",
        "AccessToken": "{your-access-token}"
    },
    "ChallengeParameters": {}
}
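
A sanity check for a response of the shape shown above, as an added example that is not part of the original answers: it decodes the AccessToken and IdToken claims (without verifying signatures) and checks token_use, the app client and the expiry. The sample response, the client id example-client and all function names are constructed for illustration.

```python
import base64
import json
import time

NOW = 1_700_000_000  # constructed "current time" used by the sample below

def jwt_claims(token):
    """Decode the payload segment of a JWT. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_auth_result(response, client_id, now=None):
    """Return a list of problems found in an initiate-auth style response."""
    now = time.time() if now is None else now
    result = response.get("AuthenticationResult")
    if not result:  # Cognito answered with a challenge instead of tokens
        return [f"no tokens, challenge: {response.get('ChallengeName')}"]
    problems = []
    expected = {"AccessToken": ("access", "client_id"), "IdToken": ("id", "aud")}
    for field, (use, client_claim) in expected.items():
        claims = jwt_claims(result[field])
        if claims.get("token_use") != use:
            problems.append(f"{field}: token_use is {claims.get('token_use')!r}")
        if claims.get(client_claim) != client_id:
            problems.append(f"{field}: issued to a different app client")
        if claims.get("exp", 0) <= now:
            problems.append(f"{field}: expired")
    return problems

def sample_token(use, client_claim):
    """Constructed, unsigned sample token (made-up values, demo only)."""
    claims = {"token_use": use, client_claim: "example-client", "exp": NOW + 3600}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.sig"  # "e30" is base64url for "{}"

# Constructed sample response in the shape shown above.
SAMPLE = {
    "AuthenticationResult": {
        "ExpiresIn": 3600, "TokenType": "Bearer",
        "AccessToken": sample_token("access", "client_id"),
        "IdToken": sample_token("id", "aud"),
    },
    "ChallengeParameters": {},
}
if __name__ == "__main__":
    print(check_auth_result(SAMPLE, "example-client", now=NOW) or "tokens look consistent")
```

An API that accepts these tokens still has to verify their signatures against the user pool's published keys; this check only catches mix-ups such as sending the ID token where the access token is expected.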