8

OpenID providers publish their metadata at a well-known URL. In Okta it looks something like this: https://dev-599740.okta.com/oauth2/default/.well-known/oauth-authorization-server Is there a similar URL for an AWS Cognito user pool? If not, how do I find out the following endpoints of an AWS Cognito user pool?

  1. Client Registration Endpoint
  2. Introspection Endpoint
  3. Token Revoke Endpoint

1 Answer

21

Format of a well-known URL for a specific AWS Cognito user pool is as follows: https://cognito-idp.[region].amazonaws.com/[userPoolId]/.well-known/openid-configuration

  • Thanks for that! Is it also possible to retrieve the public certificate, which Cognito uses to sign its JWT? I need that for offline validation of my JWT at hand. – Sauer Jul 18 '22 at 12:00
  • 2
    Ah found it: https://cognito-idp.eu-west-1.amazonaws.com/xxx/.well-known/jwks.json – Sauer Jul 18 '22 at 12:01
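
The following is an added example, not part of the original answer or comments: it builds the discovery and JWKS URLs in the formats quoted above, validates a discovery document before its `jwks_uri` is trusted for offline JWT validation, and reports which of the three endpoints from the question it advertises. The metadata field names come from RFC 8414; the identifier patterns, the pool id `eu-west-1_EXAMPLE01`, the `example.auth...` domain and the sample document are assumptions constructed for illustration, not a capture from a real pool.

```python
import json
import re
from urllib.parse import urlsplit

# RFC 8414 metadata names for the three endpoints the question asks about.
ASKED = ("registration_endpoint", "introspection_endpoint", "revocation_endpoint")

def pool_urls(region, user_pool_id):
    """Return (issuer, discovery URL, JWKS URL) in the formats quoted above."""
    # Assumed identifier shapes; reject input that could change host or path.
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d", region):
        raise ValueError("unexpected region: %r" % region)
    if not re.fullmatch(r"[A-Za-z0-9-]+_[A-Za-z0-9]+", user_pool_id):
        raise ValueError("unexpected user pool id: %r" % user_pool_id)
    issuer = "https://cognito-idp.%s.amazonaws.com/%s" % (region, user_pool_id)
    return (issuer,
            issuer + "/.well-known/openid-configuration",
            issuer + "/.well-known/jwks.json")

def check_metadata(raw, region, user_pool_id):
    """Validate a discovery document and report which asked endpoints it lists."""
    issuer, _, _ = pool_urls(region, user_pool_id)
    meta = json.loads(raw)
    # The issuer must equal the URL prefix the document was fetched from,
    # otherwise tokens would be validated against someone else's metadata.
    if meta.get("issuer") != issuer:
        raise ValueError("issuer mismatch: %r" % meta.get("issuer"))
    # Signing keys must come over HTTPS from the issuer's own host.
    jwks = urlsplit(meta.get("jwks_uri", ""))
    if jwks.scheme != "https" or jwks.hostname != urlsplit(issuer).hostname:
        raise ValueError("untrusted jwks_uri: %r" % meta.get("jwks_uri"))
    return {"jwks_uri": meta["jwks_uri"],
            "endpoints": {name: meta.get(name) for name in ASKED}}

# Constructed sample document (pool id and domain are made up, not a real capture).
SAMPLE = json.dumps({
    "issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE01",
    "jwks_uri": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE01/.well-known/jwks.json",
    "token_endpoint": "https://example.auth.eu-west-1.amazoncognito.com/oauth2/token",
    "revocation_endpoint": "https://example.auth.eu-west-1.amazoncognito.com/oauth2/revoke",
})

if __name__ == "__main__":
    report = check_metadata(SAMPLE, "eu-west-1", "eu-west-1_EXAMPLE01")
    for name, url in report["endpoints"].items():
        print(name, "->", url or "not advertised")
```

Run `check_metadata` on the document fetched from your own pool's discovery URL; an endpoint reported as `None` is one the document does not advertise.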