Cognito OAuth2 proxy

Hi,

We are creating an app where our users have their own user pools and can add IdPs to their user pools. This way we have to add the user pool's Cognito domain address to the IdP's authorized redirect URIs after every new IdP. The problems are:

  1. For example, for Google we can't do this programmatically.
  2. We will reach the IdP's maximum number of redirect URIs limit.

The obvious solution could be that we create a central domain that could encode the user_pool's or account's id to the state and underneath will call the appropriate Cognito domain. But we already tried this solution and we encountered an error: after we got the authorization code from the IdP and forwarded this request to the Cognito domain, the domain responded with a Google redirect_uri_mismatch error, because Cognito tried to exchange the authorization code for an access token with its own domain as redirect_uri, and Google verified that this URI does not match the URI which requested the authorization code.

Do you have any idea how we could work around this problem?
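
The failure described in the question can be reproduced with a toy authorization server that binds each code to the `redirect_uri` of the authorization request. This is an added illustration, not code from the original post, AWS or Google; `ToyIdP`, the flow functions and both URLs are constructed for the example.

```python
import secrets

# Constructed values: a hypothetical central proxy and one user pool's callback.
PROXY_CB = "https://auth.example.com/callback"
POOL_CB = "https://pool-a.auth.example.com/oauth2/idpresponse"

class ToyIdP:
    """Toy authorization server: binds each code to the request's redirect_uri."""

    def __init__(self, registered):
        self.registered = set(registered)
        self.codes = {}  # code -> redirect_uri from the authorization request

    def authorize(self, redirect_uri, state):
        if redirect_uri not in self.registered:
            return {"error": "redirect_uri_mismatch"}
        code = secrets.token_urlsafe(16)
        self.codes[code] = redirect_uri
        return {"code": code, "state": state}

    def token(self, code, redirect_uri):
        bound = self.codes.pop(code, None)  # codes are single use
        if bound is None:
            return {"error": "invalid_grant"}
        if redirect_uri != bound:
            # Error name as reported in the question for Google.
            return {"error": "redirect_uri_mismatch"}
        return {"access_token": secrets.token_urlsafe(16)}

def direct_flow(idp):
    """Pool domain starts the flow and redeems the code itself."""
    resp = idp.authorize(POOL_CB, state="s1")
    return idp.token(resp["code"], POOL_CB)

def proxied_flow(idp):
    """Proxy starts the flow; the pool domain redeems the forwarded code."""
    resp = idp.authorize(PROXY_CB, state="pool-a.s1")  # pool id carried in state
    pool_id = resp["state"].split(".", 1)[0]           # proxy picks the target pool
    assert pool_id == "pool-a"
    return idp.token(resp["code"], POOL_CB)            # pool sends its own URI

def proxy_redeems_flow(idp):
    """Same start, but the party named in the request redeems the code."""
    resp = idp.authorize(PROXY_CB, state="pool-a.s1")
    return idp.token(resp["code"], PROXY_CB)

if __name__ == "__main__":
    idp = ToyIdP([PROXY_CB, POOL_CB])
    print(direct_flow(idp), proxied_flow(idp), proxy_redeems_flow(idp))
```

Only the flow in which the same `redirect_uri` appears in both the authorization request and the token request yields a token; forwarding the code to a party that presents a different URI fails even when that URI is registered.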

No answers
