Cognito (with google) + Application Load Balancer = 414 Request-URI Too Large

Question

I have configured the Application Load Balancer to sit in front my application hosted in ECS. The load balancer has a rule to Authenticate using Cognito User Pool and then forward the request to a target group.
I get the prompt to enter my Google credentials the login appears to be successful, with the url in the format https://{domain}/oauth2/authorize?client_id={id}&redirect_uri=https%3A%2F%2{domain}.%2Foauth2%2Fidpresponse&response_type=code&scope=openid&state={state here}

The problem here is I get "414 Request-URI Too Large". I have no indication that this is from my application and this is a response from the load balancer. The length of the State in the url is 20,514 characters

My question is this a bug or what am I doing wrong?

Answer

Hi, Thank you for using AWS re:Post
 
The reason why the load balancer sends you the HTTP 414: URI too long error is because the request URL or query string parameters are too large [1].
 
In order to fix this, we can try enabling client secret for the application in AWS Cognito [2].

Please keep in mind that if the ARN length exceeds the 1600 bytes limit it could also cause this error [3]. 
 
Here are additional articles that might be helpful:
 
[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.html#load-balancer-http-error-codes

[2] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html

[3] https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html

Cognito (with google) + Application Load Balancer = 414 Request-URI Too Large

Conteúdo relevante