I’m deploying my application with a cognito user pool for auth2 authentication with client credentials.
After deploying with serverless I try to get a new access token via postman and get the answer “invalid grant”. If I go to the aws console, to the app client page, reload it and press save (without changing anything) it works. I can request the access token and can connect to my api gateway.
This happens everytime when I deploy, which prevents me from automatic deployment. i always have to save in the amazon console to get it working.
Here is my serverless.yml:
UserPoolDomain: Type: AWS::Cognito::UserPoolDomain Properties: UserPoolId: Ref: CognitoUserPool Domain: "myapp-user-pool-domain" CognitoUserPool: Type: "AWS::Cognito::UserPool" Properties: MfaConfiguration: OFF UserPoolName: myapp-user-pool AdminCreateUserConfig: AllowAdminCreateUserOnly: true UsernameAttributes: - email CognitoUserPoolClient: Type: "AWS::Cognito::UserPoolClient" Properties: ClientName: myapp-user-pool-client GenerateSecret: True UserPoolId: Ref: CognitoUserPool AllowedOAuthFlows: [ "client_credentials"] ExplicitAuthFlows: ["ALLOW_USER_PASSWORD_AUTH","ALLOW_REFRESH_TOKEN_AUTH" ] SupportedIdentityProviders: [ "COGNITO" ] AllowedOAuthScopes: [ "myapp/odata4","myapp/trigger" ] PreventUserExistenceErrors: ENABLED ApiGatewayAuthorizer: DependsOn: - ApiGatewayRestApi Type: AWS::ApiGateway::Authorizer Properties: Name: cognito-authorizer IdentitySource: method.request.header.Authorization RestApiId: Ref: ApiGatewayRestApi Type: COGNITO_USER_POOLS ProviderARNs: - Fn::GetAtt: [ CognitoUserPool, Arn ] UserPoolResourceServer: Type: AWS::Cognito::UserPoolResourceServer Properties: UserPoolId: Ref: CognitoUserPool Identifier: "myapp" Name: "myapp" Scopes: - ScopeName: "results" ScopeDescription: "provides myapp results" - ScopeName: "trigger" ScopeDescription: "trigger for myapp start"
Has someone an idea? What is changed by pressing the save button in aws?