Cognito AWS login with Python as a user - NoCredentialsError: Unable to locate credentials

Question

I'm trying to get the session tokens of an user of a website using Cognito from a python script (boto3, warrant).

My code:

boto3.set_stream_logger('botocore', level='DEBUG')
aws = AWSSRP(username=USERNAME, password=PASSWORD, pool_id=POOL_ID,
         client_id=CLIENT_ID, pool_region=POOL_REGION)

tokens = aws.authenticate_user()

Just as easy as that. I have the Pool ID and region, the client ID and the user/password combination. This output this error:

2019-12-22 22:31:11,958 botocore.endpoint [DEBUG] Setting cognito-idp timeout as (60, 60)
2019-12-22 22:31:11,960 botocore.loaders [DEBUG] Loading JSON file: X/lib/python3.7/site-packages/botocore/data/_retry.json
2019-12-22 22:31:11,961 botocore.client [DEBUG] Registering retry handlers for service: cognito-idp
<warrant.aws_srp.AWSSRP object at 0x109482438>
2019-12-22 22:31:11,985 botocore.hooks [DEBUG] Event before-parameter-build.cognito-identity-provider.InitiateAuth: calling handler <function generate_idempotent_uuid at 0x109ea9378>
2019-12-22 22:31:11,985 botocore.hooks [DEBUG] Event before-call.cognito-identity-provider.InitiateAuth: calling handler <function inject_api_version_header_if_needed at 0x109eacd08>
2019-12-22 22:31:11,985 botocore.endpoint [DEBUG] Making request for OperationModel(name=InitiateAuth) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'X-Amz-Target': 'AWSCognitoIdentityProviderService.InitiateAuth', 'Content-Type': 'application/x-amz-json-1.1', 'User-Agent': 'Boto3/1.10.44 Python/3.7.2 Darwin/18.2.0 Botocore/1.13.44'}, 'body': b'{"AuthFlow": "USER_SRP_AUTH", "AuthParameters": {"USERNAME": "X", "SRP_A": "Y"}, "ClientId": "Y"}', 'url': 'https://cognito-idp.eu-west-1.amazonaws.com/', 'context': {'client_region': 'eu-west-1', 'client_config': <botocore.config.Config object at 0x10b195a90>, 'has_streaming_input': False, 'auth_type': None}}
2019-12-22 22:31:11,985 botocore.hooks [DEBUG] Event request-created.cognito-identity-provider.InitiateAuth: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x10b195a58>>
2019-12-22 22:31:11,986 botocore.hooks [DEBUG] Event choose-signer.cognito-identity-provider.InitiateAuth: calling handler <function set_operation_specific_signer at 0x109ea9268>
    Traceback (most recent call last):
  File "/Users/alberto/PycharmProjects/TravelRadarB/test.py", line 34, in <module>
    tokens = aws.authenticate_user()
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/warrant/aws_srp.py", line 206, in authenticate_user
    ClientId=self.client_id
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/client.py", line 276, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/client.py", line 573, in _make_api_call
    operation_model, request_dict, request_context)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/client.py", line 592, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/endpoint.py", line 102, in make_request
    return self._send_request(request_dict, operation_model)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/endpoint.py", line 132, in _send_request
    request = self.create_request(request_dict, operation_model)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/endpoint.py", line 116, in create_request
    operation_name=operation_model.name)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/hooks.py", line 356, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/hooks.py", line 228, in emit
    return self._emit(event_name, kwargs)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/hooks.py", line 211, in _emit
    response = handler(**kwargs)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/signers.py", line 90, in handler
    return self.sign(operation_name, request)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/signers.py", line 163, in sign
    auth.add_auth(request)
  File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/auth.py", line 357, in add_auth
.
.
.
raise NoCredentialsError
botocore.exceptions.NoCredentialsError: Unable to locate credentials

Answer 1

The workaround I found was to use warrant (AWSSRP) to generate the SRP_A key and process the Cognito challenges without having to dive too deep in the code, and just used both making my own requests to Cognito API, trying to replicate the chrome-cognito requests. Is not a real solution to the problem but it do the work.