Cognito OAuth2 proxy

Hi,

We are creating an app where our users have their own user pools and can add IdPs to their user pools. This way we have to add the user pool's cognito domain address to the IdP's authorized redirect URIs after every new IdP. The problems are:

For example for Google we can't do this programmatically
We will reach the IdP's maximum number of redirect URIs limit The obvious solution could be that we create a central domain that could encode the user_pool's or account's id to the state and underneath will call the appropriate cognito domain. But we already tried this solution and we encountered an error where after we got the authorization code from the IdP and we forwarded this request to the Cognito domain the domain responded with a Google redirect_uri_mismatch error because Cognito tried to exchange the authorization code to access token with his own domain as redirect_uri and Google verified that this URI does not match with the URI which requested the authorization code.

Do you have any idea how we could work around this problem?

Argomenti

Sicurezza, identità e conformità

Tag

Gestione identità e accesso AWS Amazon Cognito

Lingua

English

rePost-User-2315140

posta un anno fa89 visualizzazioni

Nessuna risposta

Più recenti
Maggior numero di voti
Maggior numero di commenti

Contenuto pertinente

Come faccio a evitare l'errore "Unable to validate the following destination configurations" con le notifiche degli eventi Lambda in CloudFormation?
AWS UFFICIALEAggiornata 3 anni fa
Come faccio a correggere l'errore "Unable to validate the following destination configurations" in AWS CloudFormation?
AWS UFFICIALEAggiornata 2 anni fa
Come posso risolvere l'errore "CloudFront wasn't able to connect to the origin"?
AWS UFFICIALEAggiornata 2 anni fa
Come posso risolvere l'errore "Your current user or role does not have access to Kubernetes objects on this EKS cluster" in Amazon EKS?
AWS UFFICIALEAggiornata un anno fa