Simple PHP code for AWS Cognito OAuth2 authentication and extract client data from user pool

 


       require '<your-path>/vendor/autoload.php';

        use Aws\CognitoIdentityProvider\CognitoIdentityProviderClient;
        use Aws\Exception\AwsException;
        use GuzzleHttp\Client;
        use GuzzleHttp\HandlerStack;
        use GuzzleHttp\Middleware;
        use GuzzleHttp\Psr7\Uri;
        use Firebase\JWT\JWT;
        use Firebase\JWT\Key;

$clientId     = '<YOUR-CLIENT-ID>';
        $accessKey    = '<YOUR-AWS-ACCESS-KEY>';
        $clientSecret = '<YOUR-AWS-CLIENT-SECRET>';
        $userPoolId   = '<YOUR-AWS-USER-POOL-ID>';
        $tokenUrl     = 'https://<DOMAIN>.auth.<YOUR-REGION>.amazoncognito.com/oauth2/token';
        $redirectUri  = '<YOUR-REDIRECT-URL>';

        $authorizationCode = $_GET['code'];

        $credentials = new Credentials($this->accessKey, $this->clientSecret);
        try{

            $handlerStack = HandlerStack::create();
            $handlerStack->push(Middleware::mapRequest(function ($request) {
                return $request->withHeader('verify', false);
            }));

            // Create a client with the customized handler stack
            $client = new Client([
                'handler' => $handlerStack,
                'verify' => false,
            ]);

            $response = $client->post($this->tokenUrl, [
              'form_params' => [
                  'Content-Type'  =>'application/x-www-form-urlencoded\r\n',
                  'grant_type'    => 'authorization_code',
                  'client_id'     => $this->clientId,
                  'client_secret' => $this->clientSecret,
                  'code'          => $authorizationCode,
                  'redirect_uri'  => $this->redirectUri,
                  'verify'        => false,
              ],
            ]);

          $responseBody     = $response->getBody()->getContents();
            $tokenData      = json_decode($responseBody, true);
            // Get the ID token and access token
                $accessToken      = $tokenData['access_token'];
                $refresh_token    = $tokenData['refresh_token'];
                $idToken          = $tokenData['id_token'];
            error_log("getAccessCode3  idToken : $idToken");

            // Decode the ID token to get user data
            $decodedIdToken = json_decode(
                        base64_decode(
                    str_replace('_',
                                '/',
                                str_replace('-', '+', explode('.', $idToken)[1]))),
                            true);

            // Print user data
            error_log('getAccessCode3 User ID: ' . $decodedIdToken['sub'] );
            error_log('getAccessCode3 Username: ' . $decodedIdToken['cognito:username'] );
            error_log('getAccessCode3 Email: ' . $decodedIdToken['email'] );

        }catch(AwsException $e){
            error_log("getAccessCode3 AwsException : " . $e->getMessage());
        }

Comments

Post a Comment

Popular posts from this blog

WAMP64: AWS HTTP error: cURL error 60: SSL certificate problem: unable to get local issuer certificate

Image
  Often, cURL error 60: SSL certificate problem: unable to get local issuer certificate error occurs when we try to call the API with the secure  https://  protocol in the request URL. This error occurs because the API call makes a secure connection request using the self-signed certificate. When it does not find a valid certificate, it throws an error. It has a very very simple solution. We just need to download the certificate and set the path.  1. Download the  “cacert.pem”  free certificate file from the official website here:  http://curl.haxx.se/docs/caextract.html 2. Move the  cacert.pem  file in a reachable destination for the PHP. It is advisable to move the file for the WAMP user to  C:\wamp64\bin\php\cacert.pem , for XAMPP user to C:\xampp\php\extras\ssl\cacert.pem, for the AMPPS user to  C:\Program Files (x86)\Ampps\php\extras\ssl\cacert.pem 3.  Now, open your  php.ini   file and find the   “curl.cainfo”   option. You will see something like the following: curl.cainfo = &qu
Read more