Test API with Cognito authentication

thomas loubrieu edited this page Aug 4, 2022 · 2 revisions

Get a test token

Get an App Secret Hash

Use the script described in https://aws.amazon.com/premiumsupport/knowledge-center/cognito-unable-to-verify-secret-hash/

With arguments:

  • one username from the pool (not from the JPL directory)
  • the app client id (found in the AWS Cognito console, under General Settings / App Clients)
  • the app client secret (found in the AWS Cognito console, under General Settings / App Clients / Show Details)

You'll get a Client App Secret Hash.

Get the token

Use this request:

curl -X POST https://cognito-idp.us-west-2.amazonaws.com/ --header 'Content-Type: application/x-amz-json-1.1' --header 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' -d '{ "AuthParameters" : { "USERNAME" : "<username>", "PASSWORD" : "<password>" , "SECRET_HASH":"<Client App Secret Hash>"}, "AuthFlow" :"USER_PASSWORD_AUTH", "ClientId" : "<app client id>"}'

You'll get a full token. Copy the AccessToken value.
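The two steps above as an added Python example (not the AWS script and not code from this project): it computes the SECRET_HASH as Base64(HMAC-SHA256(client secret, username + client id)), builds the same InitiateAuth body as the curl request, and decodes a returned token's claims so that `iss` can be compared with the `jwt_issuer` setting. The function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """Cognito SECRET_HASH: Base64(HMAC-SHA256(key=client secret, msg=username + client id))."""
    mac = hmac.new(client_secret.encode("utf-8"),
                   (username + client_id).encode("utf-8"),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def initiate_auth_body(username: str, password: str,
                       client_id: str, client_secret: str) -> str:
    """JSON body for the InitiateAuth request shown above (USER_PASSWORD_AUTH flow)."""
    return json.dumps({
        "AuthParameters": {
            "USERNAME": username,
            "PASSWORD": password,
            # The hash is bound to this username and this app client.
            "SECRET_HASH": secret_hash(username, client_id, client_secret),
        },
        "AuthFlow": "USER_PASSWORD_AUTH",
        "ClientId": client_id,
    })


def unverified_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT checking its signature (troubleshooting only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(initiate_auth_body("test-user", "example-password",
                             "exampleclientid", "exampleclientsecret"))
```

The hash changes with the username, so a hash generated for one pool user is rejected for another.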

Test the API with the token

Configure the API with the token

In the .ini configuration file (see https://nasa-pds.github.io/doi-service/installation/index.html#configuration), complete the section:

[API_AUTHENTICATION]
# Add the issuer of the OAuth tokens; for Cognito: https://cognito-idp.<aws-region>.amazonaws.com/<userpoolID>
jwt_issuer = ...
# Add the public key of the OAuth provider; for Cognito, see https://cognito-idp.<aws-region>.amazonaws.com/<userpoolID>/.well-known/jwks.json and use one of the kid values
jwt_secret = ...

Start the API

pds-doi-api

Test a request with the token:

`curl --request POST 'http://0.0.0.0:8085/PDS_APIs/pds_doi_api/0.2/dois?action=update&url=http://dfdf&[email protected]&node=ENG' --header 'Authorization: Bearer <the token string>'`