I am trying to use AWS Cognito to authenticate users via Twitch. I have gotten so far as to be redirected back to my backend after Twitch authentication, with a code in the URL. This, however, seems to be an AWS code (I assume) that I would then exchange for an AWS token.
The reason I say assume here is that I pass the code over to Twitch and am getting an error for an incorrect code. Further to this, when I exchange my Auth Code for an Auth Token with Cognito (via AWS Token Exchange API endpoint), the tokens I get back fail when I try to access the Twitch API, with the error “Invalid OAuth token”.
My problem is two-fold:
First, my backend needs to be able to communicate with Twitch on the user’s behalf (subscribe to pubsub events, etc.), and I am not sure how to get the Twitch code (or token) for that user.
Second, I can’t see a way to include the claims object so we can get back e-mail and profile.
I would really love to get Cognito working, as having my users in a user pool will make future migrations to SAM far simpler.
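An added diagnostic example, not part of the original post: tokens returned by the Cognito token endpoint are issued by the user pool itself, and inspecting the `iss` and `token_use` claims shows which system issued a given bearer token before it is sent to another API. The function names, the pool ID `us-east-1_EXAMPLE` and the sample claims are constructed assumptions; the payload is only decoded here, not signature-verified, so this is for debugging and never for authorization decisions.

```python
import base64
import json
import re

# Issuer format used by Cognito user pool tokens (region and pool ID vary).
COGNITO_ISS = re.compile(
    r"^https://cognito-idp\.[a-z0-9-]+\.amazonaws\.com/[A-Za-z0-9_-]+$"
)


def _b64url_json(segment):
    """Decode one base64url JWT segment into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def describe_token(token):
    """Classify a bearer token by reading (NOT verifying) its claims.

    Returns a dict whose 'kind' is 'cognito', 'other-jwt' or 'opaque'.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return {"kind": "opaque"}  # not JWT-shaped at all
    try:
        claims = _b64url_json(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return {"kind": "opaque"}
    if not isinstance(claims, dict):
        return {"kind": "opaque"}
    iss = claims.get("iss")
    is_cognito = isinstance(iss, str) and COGNITO_ISS.match(iss) is not None
    return {
        "kind": "cognito" if is_cognito else "other-jwt",
        "iss": iss,
        "token_use": claims.get("token_use"),  # Cognito sets 'id' or 'access'
        "email": claims.get("email"),  # present only if mapped and in scope
    }


def make_sample_jwt(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])
```

A result of `cognito` means the token is only meaningful to services that trust the user pool as issuer.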