Invalid State Error - Hosted UI

Question

Hello all,  
  
I followed this guide: https://aws.amazon.com/blogs/security/how-to-add-authentication-single-page-web-application-with-amazon-cognito-oauth2-implementation/  
  
I have a static webpage in S3 being served by Cloudfront.  
  
The only difference is I have my own SSL certs and am using my own custom domain. NameCheap is my provider.  
  
The hosted UI appears fine, I can create an account and get an email code.  
  
The problem is, when I log in with that account, I get an invalid State error and do not see any of the account information that I should. In the Userprofile.js I see this:  
  
// Verify state matches  
    state = urlParams.get('state');  
    if(sessionStorage.getItem("pkce_state") != state) {  
        alert("Invalid state");  
    }  
  
I believe this is the cause, but I don't fully understand what is happening. The state is supposed to be passed back in the URL, which it seems like it is, but it does not match the sessionStorage state (which does not appear to exist in the Dev console in Chrome.)  
  
Any guidance is appreciated.

Answer

Okay thanks to AWS support I figured this out.  
  
You need the same Callback URL (in Cognito) that is in the userprofile.js file. I replaced the cloudfront url in Cognito with my domain, and it worked perfectly.  
  
If anyone has a similar issue feel free to reach out if you need more information.

Answer

Okay thanks to AWS support I figured this out.  
  
You need the same Callback URL (in Cognito) that is in the userprofile.js file. I replaced the cloudfront url in Cognito with my domain, and it worked perfectly.  
  
If anyone has a similar issue feel free to reach out if you need more information.

Invalid State Error - Hosted UI

Relevant content