Authentication
EconData relies on AWS Cognito for authentication. In most instances, requests to the EconData API require authentication in the form of a bearer token in the request's Authorization header.
The OAuth 2.0 token endpoint at /oauth2/token issues JSON web tokens (JWTs). These tokens are the end result of authentication with a user pool. They contain information about the user (ID token), the user’s level of access (access token), and the user’s entitlement to persist their signed-in session (refresh token). Tokens provide verifiable proof of authentication, profile information, and a mechanism for access to back-end systems.
The user pool OAuth 2.0 authorization server issues JSON web tokens (JWTs) from the token endpoint to the following types of sessions:
- Users who have completed a request for an authorization code grant. Successful redemption of a code returns ID, access, and refresh tokens.
- Machine-to-machine (M2M) sessions that have completed a client-credentials grant. Successful authorization with the client secret returns an access token.
- Users who have previously signed in and received refresh tokens. Refresh token authentication returns new ID and access tokens.
For more information see the token issuer endpoint guide.
POST /oauth2/token
The /oauth2/token endpoint only supports HTTPS POST. Your app makes requests to this endpoint directly.
Request parameters in body
The following are parameters that you can send in x-www-form-urlencoded format in the request body to the token endpoint.
grant_type
The type of OIDC grant that you want to request. The value client_credentials is relevant for M2M sessions.
client_id
The ID of an app client in your user pool.
client_secret
The client secret for the app client.
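The client-credentials request described above, as an added example that is not EconData's own client code: it builds the form-encoded POST, refuses non-HTTPS endpoints so the client secret is never sent in clear text, and turns the token reply into the bearer header used on API requests. The host auth.example.com, the client ID, the secret and the sample reply are constructed placeholders.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/token"


def build_token_request(base_url, client_id, client_secret):
    """Build (without sending) the client-credentials POST for the token endpoint."""
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        # The endpoint only supports HTTPS; never send a client secret in clear text.
        raise ValueError("token endpoint must be an https:// URL")
    # urlencode percent-encodes '&', '=', '+' etc., so any secret survives intact.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        f"https://{parts.netloc}{TOKEN_PATH}",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_token_response(raw, now=None):
    """Validate the JSON reply and return (bearer_header, expiry_epoch)."""
    doc = json.loads(raw)
    token = doc.get("access_token")
    if not token or str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("response does not contain a bearer access token")
    expires_at = (time.time() if now is None else now) + int(doc["expires_in"])
    return {"Authorization": f"Bearer {token}"}, expires_at


def fetch_token(base_url, client_id, client_secret, timeout=10):
    """Send the request; call only with a real endpoint and credentials."""
    req = build_token_request(base_url, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read())


# Constructed sample reply in the shape of a client-credentials token response.
SAMPLE_REPLY = (b'{"access_token": "eyJ.constructed.token", '
                b'"expires_in": 3600, "token_type": "Bearer"}')
```

Load the client secret from a secret store or environment variable rather than source code, and reuse the token until the returned expiry time instead of requesting a new one per API call.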