How to Generate an Amazon Cognito Access Token Using Postman

In this tutorial, we will learn how to generate an access token in Amazon Cognito using Postman. 

1. Introduction

When testing a secured REST API, we often need to generate an access token and send it along with the request so that the request is authorized.

2. Create a Manage User Pool in Amazon Cognito

2.1 Login to your AWS account.

2.2 Hover on the Services menu and select Cognito.

2.2 In the User Pools screen, click Create a User Pool on the top right side.

2.3 Enter the pool name and click step through settings.

2.4 Under "How do you want users to signin", select email and enable case insensitivity.

2.5 In the standard attribute section, you can check the attributes that you want to save. These attributes will be asked for during the user registration process.

2.6 Click Next.

2.7 In the Password section, leave everything by default and click Next.

2.8 On the Multi Factor Authentication page, you can leave everything by default as well. For this exercise, let's just set Email for the account recovery.

2.9 Click Next.

2.10 In the Message Customization section, leave everything by default and click Next.

2.11 Next is the Tags section. Here you can tag this User Pool resource, but we will leave it blank. Click Next.

2.12 Leave everything by default in the Devices section and click Next.

2.13 On the App Clients section, click Add an app client and enter the following details:
  • App client name: frontend-web
  • Check: Generate Client Secret
  • Check: Enable Username and Password
Click Create app client.

*Take note of the Client Id and Secret.

Click Next.

2.14 In the Triggers section, click Next.

2.15 Next is the Review section, double-check the values that you have entered. Click Create pool when you're satisfied.

2.16 In the left menu, click App client settings.
  • Check the Cognito User Pool
  • Enter the Callback URL: http://localhost:3000. I normally use a React frontend for testing (it is not really necessary to run a Node server though, just set the value)
  • Sign out URL: http://localhost:3000, this is where Cognito redirects after signout
  • Check Authorization Code Grant and check both email and openid

Click Save Changes.

2.17 In the Domain name section, enter czetsuyatechdev.

Click Save changes.

And now we are ready to get our access token.

2.18 Open Users and Groups menu.

2.19 Create a new user like the screen below.

Click Create user.

2.20 Click the Groups tab. You can also treat a group as a role.

2.21 Create a new role User.

2.21 Go back to the Users tab and open our newly created user.

2.21 Click Add to group and select the "User" group.

2.22 You should see the user in the User group's detail page.

3. Postman

If you haven't done so, download and install Postman.

3.1 Open Postman, create a Collection, and Add a new Request with the name "Get Token".

3.2 Click the Authorization tab.

3.3 Under the Type dropdown, select OAuth2.

3.4 In the Configure token view, enter as follows. Double-check the details in Cognito's App client settings.

*Don't even bother copying my client secret, as this app client will be deleted the moment I publish this blog :-)

3.5 Click Get New Access Token, and a login screen should show. Enter your details.

Click Sign in.

3.6 It will ask you for a new password and for the required fields we set in the client. In our case Firstname and Lastname.

Hit Send.

3.7 It should generate the access token and automatically assign it as Bearer to the header of the request. Now you can send this request and it should be able to access your secured REST API.
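The two requests Postman makes in steps 3.4 to 3.7, written out as an added example (not code from the original post): the authorize URL that opens the login screen, and the token request that exchanges the returned code. The `/oauth2/authorize` and `/oauth2/token` paths are the Cognito hosted-domain endpoints; the region and the client credentials are placeholders, and the function names are made up for illustration.

```python
import base64
import secrets
import urllib.parse
import urllib.request

# Values from the tutorial; REGION and the credentials are placeholders (assumptions).
DOMAIN_PREFIX = "czetsuyatechdev"        # domain name, step 2.17
REGION = "your-region"                   # placeholder: region of your user pool
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"      # noted in step 2.13
CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"
REDIRECT_URI = "http://localhost:3000"   # callback URL, step 2.16
SCOPES = ("email", "openid")             # scopes checked in step 2.16
BASE = f"https://{DOMAIN_PREFIX}.auth.{REGION}.amazoncognito.com"


def authorize_url(state):
    """Auth URL: opens the Cognito login screen of step 3.5."""
    query = urllib.parse.urlencode({
        "response_type": "code",         # Authorization Code Grant
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,    # must match the app client settings
        "scope": " ".join(SCOPES),
        "state": state,                  # random; compare with the value echoed back
    })
    return f"{BASE}/oauth2/authorize?{query}"


def token_request(code):
    """Access Token URL: POST that trades the authorization code for tokens."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }).encode()
    # The app client has a secret, so the client authenticates with HTTP Basic.
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return urllib.request.Request(
        f"{BASE}/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Authorization": f"Basic {basic}"})


if __name__ == "__main__":
    print(authorize_url(secrets.token_urlsafe(16)))
    req = token_request("CODE_FROM_CALLBACK")   # placeholder code, nothing is sent
    print(req.get_method(), req.full_url)
```

Nothing is sent over the network here; passing the built request to `urllib.request.urlopen` with a real code would return the JSON that contains `access_token`.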

4. In this blog, we learned how to create a new Manage User Pool in Amazon Cognito and generate an access token in Postman. This token in turn is set as Bearer in the header of the request.

