AWS Cognito Authentication USER_PASSWORD_AUTH flow not enabled for this client

user9374347 picture user9374347 · Feb 27, 2018 · Viewed 18.5k times · Source

I have an mobile app with user pool (username & password). The app works fine with aws-amplify sdk. But, wanted to move the code out to Lambdas. So, I have written the following Lambda using Boto3.

Here is Lambda:

import boto3

def lambda_handler(event, context):
    client = boto3.client('cognito-idp')
    response = client.initiate_auth(
        ClientId='xxxxxxxxxxxxxx',
        AuthFlow='USER_PASSWORD_AUTH',
        AuthParameters={
            'USERNAME': 'xxxxxx',
            'PASSWORD': 'xxxxxx'
        }
    )
    return response

Tried admin_initiate_auth too.

import boto3
def lambda_handler(event, context):
    client = boto3.client('cognito-idp')
    response = client.initiate_auth(
        UserPoolId='xxxxxxxxx',
        ClientId='xxxxxxxxxxxxxx',
        AuthFlow='USER_PASSWORD_AUTH',
        AuthParameters={
            'USERNAME': 'xxxxxx',
            'PASSWORD': 'xxxxxx'
        }
    )
    return response

Here is the error the I get.

An error occurred (InvalidParameterException) when calling the InitiateAuth operation: USER_PASSWORD_AUTH flow not enabled for this client: InvalidParameterException Traceback (most recent call last):
File "/var/task/lambda_function.py", line 12, in lambda_handler 'PASSWORD': 'xxxxx' File "/var/runtime/botocore/client.py", line 317, in _api_call return self._make_api_call(operation_name, kwargs) File "/var/runtime/botocore/client.py", line 615, in _make_api_call raise error_class(parsed_response, operation_name) InvalidParameterException: An error occurred (InvalidParameterException) when calling the InitiateAuth operation: USER_PASSWORD_AUTH flow not enabled for this client

Any thoughts?

Answer

user9374347 picture user9374347 · Feb 27, 2018

Figured it. I have goto user pool - > app clients - >show details -> Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH).

That fixed it.