Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Getting an error logging in with IdP in authorization code grant flow

0

I'm trying to add an identity provider (Okta) to my user pool. I've been able to get the implicit grant flow working for one app client in my pool.

Now I've set up a new app client for the authorization code grant flow in order to support OAuth access to my API.

What I'm seeing is that after redirecting to the cognito oauth2/authorize endpoint, it correctly redirects to the hosted login that allows me to select the identity provider. When I log in through the identity provider, it redirects me back to the hosted login page and displays an error message saying "Something went wrong. Please try again."

I have both the identity provider and the user pool set up for this client. If I log in using username/password to the user pool, it works as expected.

So now I have some questions:

  1. Is this a supported configuration - is it possible to use an IdP with the authorization code grant flow?
  2. How can I find out more about what's going wrong - the error message is not helpful for debugging
Themen
Sicherheit, Identität & Konformität
Tags
Amazon Cognito
Sprache
English
jpulse
gefragt vor 4 Jahren829 Aufrufe
2 Antworten
0

I got it working. I had a custom domain name configured for my pool. If I don't use that custom domain URL to start the OAuth process, I get the error. If I use my custom domain, it works.

jpulse
beantwortet vor 4 Jahren
0

Glad you got it working! The OAuth flows should always be started from the Cognito domain configured .

AWS
AWS-User-2593537
beantwortet vor 4 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt