'Cognito user pool federated user unable to intiate-auth

Does AWS CLI cognito-idp initiate-auth support the USER_PASSWORD_AUTH flow for federated users from an external IdP (SAML provider)?

When I try to run initiate-auth, I am getting the below errors.

aws cognito-idp initiate-auth --region us-east-1 --auth-flow USER_PASSWORD_AUTH --client-id <my_client_id> --auth-parameters USERNAME=<username>,PASSWORD=<password>

An error occurred (NotAuthorizedException) when calling the InitiateAuth operation: User is not authorized to get auth details.

As a debugging step, I created a local user in the userpool, and using that I am able to get an AuthenticationResult back.

Also, the username and password work with a browser flow. (It redirects to my app url with the code) when triggered from the Launch Hosted UI link.

Am I missing something in the configuration?

amazon-cognitoamazon-iamaws-cli


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function