I am trying to authorize with an ALB from python. As I understand the ALB looks for "AWSELBAuthSessionCookie" cookies before letting you to the website. I also see these cookies when logging into the application myself (using username and password). Question is how do I obtain the values of these cookies if I want to authenticate myself to the website/api from a python program. Has anybody done this before?
Asked
Active
Viewed 408 times
1 Answers
2
I had the exact same problem and could only make it work using an API Gateway since they allow authorization via JWT in the authorization header of the request. This can easily be done in Python, e.g.
import boto3
import requests
client = boto3.client(
"cognito-idp",
region_name="<aws region of the cognito app client>"
)
response = client.initiate_auth(
ClientId="<cognito app client ID>",
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": "<username>",
"PASSWORD": "<password>",
"SECRET_HASH": "<secret hash>",
},
)
token = response["AuthenticationResult"]["AccessToken"]
headers = {"Authorization": f"Bearer {token}"}
requests.get("<api gateway url>", headers=headers)
However, I also needed to allow authorization via the Cognito UI. Thus, I had to use both the ALB and API Gateway.
While this solved the issue of making my application available both from the browser (i.e. for humans) as well as from code (i.e. for machines), it introduced a lot of additional AWS components I had to use. And, as a disadvantegous side effect, the API has a request payload limit of 10MB that cannot be increased. This is another issue for me.
I know it's been a year, but if you've solved the issue, feel free to share your solution.
faemmi
- 201
- 1
- 4