CognitoIdentity / Client / get_open_id_token



Gets an OpenID token, using a known Cognito ID. This known Cognito ID is returned by GetId. You can optionally add additional logins for the identity. Supplying multiple logins creates an implicit link.

The OpenID token is valid for 10 minutes.

This is a public API. You do not need any credentials to call this API.

See also: AWS API Documentation

Request Syntax

response = client.get_open_id_token(
        'string': 'string'
  • IdentityId (string) –


    A unique identifier in the format REGION:GUID.

  • Logins (dict) –

    A set of optional name-value pairs that map provider names to provider tokens. When using and, supply the access_token returned from the provider’s authflow. For, an Amazon Cognito user pool provider, or any other OpenID Connect provider, always include the id_token.

    • (string) –

      • (string) –

Return type:



Response Syntax

    'IdentityId': 'string',
    'Token': 'string'

Response Structure

  • (dict) –

    Returned in response to a successful GetOpenIdToken request.

    • IdentityId (string) –

      A unique identifier in the format REGION:GUID. Note that the IdentityId returned may not match the one passed on input.

    • Token (string) –

      An OpenID token, valid for 10 minutes.


  • CognitoIdentity.Client.exceptions.InvalidParameterException

  • CognitoIdentity.Client.exceptions.ResourceNotFoundException

  • CognitoIdentity.Client.exceptions.NotAuthorizedException

  • CognitoIdentity.Client.exceptions.ResourceConflictException

  • CognitoIdentity.Client.exceptions.TooManyRequestsException

  • CognitoIdentity.Client.exceptions.InternalErrorException

  • CognitoIdentity.Client.exceptions.ExternalServiceException