Goal

I want to authenticate a user in AWS Cognito using plain HTTP calls - no Amplify or other libs.

Solution

Take a look at the official InitiateAuth API.

If you want to e.g. authenticate a user using USER_PASSWORD_AUTH flow you can issue the following request (using IntelliJ HTTP Request syntax):

POST https://cognito-idp.[YOUR-REGION-GOES-HERE].amazonaws.com/
Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth

{
    "AuthFlow" : "USER_PASSWORD_AUTH",
    "ClientId" : [YOUR-CLIENT-ID-FROM-COGNITO-USER-POOL].
    "AuthParameters" : {
        "USERNAME" : [YOU-KNOW-WHAT-GOES-HERE],
        "PASSWORD" : [SAME-HERE]
    },

}

e.g.

POST https://cognito-idp.eu-central-1.amazonaws.com/
Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth

{
    "AuthFlow" : "USER_PASSWORD_AUTH",
    "ClientId" : "123456789abcdefghijklmnopq",
    "AuthParameters" : {
        "USERNAME" : "user",
        "PASSWORD" : "secretPassword"
    }
}

Dependent on the used AuthFlow you need to pass appropriate AuthParameters. E.g. for "AuthFlow" = "USER_SRP_AUTH" you’d need to pass SRP_A param as mentioned in the docs.