Last active
January 12, 2024 03:13
-
-
Save jaymes-bearden/813a3ae973490b5969c6a3dd208f9f20 to your computer and use it in GitHub Desktop.
Bash script - AWS CLI Cognito User Sign Up using a client app with client secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Found in user pool "General Settings / App clients" -- you can always add another if needed | |
| APP_CLIENT_ID="abcdefg1234567" | |
| APP_CLIENT_SECRET="a1b2c3d4e5f6g7h8i9j10" | |
| # User details for Cognito | |
| USERNAME=$(uuidgen) # Cognito user name -- if you don't have this aliased, use an email for the username | |
| EMAIL="[email protected]" # Extra attributes (specified when creating the user pool) | |
| PASSWORD="MyTestPassword!" | |
| # Profile from ~/.aws/credentials | |
| PROFILE="my_profile" | |
| # HMAC Computed hash -- SHA256 with key APP_CLIENT_SECRET of USERNAME+APP_CLIENT_ID and base64'd | |
| # See: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash | |
| COMPUTED_HASH=$(echo -n "${USERNAME}${APP_CLIENT_ID}" | openssl dgst -sha256 -hmac ${APP_CLIENT_SECRET} -binary | openssl enc -base64) | |
| aws cognito-idp sign-up \ | |
| --client-id ${APP_CLIENT_ID} \ | |
| --secret-hash ${COMPUTED_HASH} \ | |
| --user-attributes Name=email,Value=${EMAIL} \ | |
| --username ${USERNAME} \ | |
| --password ${PASSWORD} \ | |
| --profile ${PROFILE} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
That computed hash line is a super important piece of information IMO. Kudos for that 🙌