-
-
Save wontondon/e1e8ff07fe21533d79d7c410277044c9 to your computer and use it in GitHub Desktop.
Bash script - AWS CLI Cognito User Sign Up using a client app with client secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Found in user pool "General Settings / App clients" -- you can always add another if needed | |
| APP_CLIENT_ID="abcdefg1234567" | |
| APP_CLIENT_SECRET="a1b2c3d4e5f6g7h8i9j10" | |
| # User details for Cognito | |
| USERNAME=$(uuidgen) # Cognito user name -- if you don't have this aliased, use an email for the username | |
| EMAIL="[email protected]" # Extra attributes (specified when creating the user pool) | |
| PASSWORD="MyTestPassword!" | |
| # Profile from ~/.aws/credentials | |
| PROFILE="my_profile" | |
| # HMAC Computed hash -- SHA256 with key APP_CLIENT_SECRET of USERNAME+APP_CLIENT_ID and base64'd | |
| # See: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash | |
| COMPUTED_HASH=$(echo -n "${USERNAME}${APP_CLIENT_ID}" | openssl dgst -sha256 -hmac ${APP_CLIENT_SECRET} -binary | openssl enc -base64) | |
| aws cognito-idp sign-up \ | |
| --client-id ${APP_CLIENT_ID} \ | |
| --secret-hash ${COMPUTED_HASH} \ | |
| --user-attributes Name=email,Value=${EMAIL} \ | |
| --username ${USERNAME} \ | |
| --password ${PASSWORD} \ | |
| --profile ${PROFILE} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment