Using Custom Auth workflow to use OAuth2 without a client secret

James_Piette · November 1, 2024, 4:45am

Goal:
Use OAuth2 for users to use my API resource via my AWS Cognito App Client which doesn't have a client secret.

The OAuth2 authentication doesn't work, because it forces me to provide a client secret.
However, I can't seem to get the Custom Auth to assign the OAUTH2_TOKEN to my Body Authorization variable.

Can someone help me with implementing OAuth2 without a Client Secret?

Darren · November 1, 2024, 6:47pm

Hi @James_Piette! Welcome to the community.

This is an interesting one. I'm used to seeing different resources have slight variations to their OAuth2 flows, but I've never seen one make the client_secret optional. Are you seeing an error with your current implementation or is it just not assigning OAUTH2_TOKEN correctly?