What scopes do I need to use for Federated Signin with Amazon through Cognito?


I am trying to set up Cognito and a hosted UI to authenticate my Amplify hosted site, allowing my users to sign in with their Amazon accounts. I've gone through the setup instructions for creating a user pool in Cognito, and added a federated login for Amazon.

I registered my app with the Amazon Developer Console, but in the "Authorized scopes" section pictured below, I'm not sure what values to add.

I tried just putting "openid profile" in, but really I'm not sure what I need. The text says the scopes I need have been selected for me already, but if I leave it blank I cannot continue setup.

After finishing setup, when I launch my hosted UI and attempt to sign in with Amazon, I get this error page back. I'll keep my client IDs secret, but the scope listed in the details is "scope=openid+profile ".

Really not sure where I've gone wrong here. Just trying to protect my Amplify site behind a login instead of having it public to the world.

Any insight or assistance is greatly appreciated, thank you for reading.

1 Answer


Hope all is well on your end.

I understand that you are integrating the Amazon Identity Provider (IdP) in your user pool; however, for "Authorized scopes", you are unsure of what values to add.

As can be seen in this documentation [1], for the Amazon Identity Provider (Login with Amazon), the following values are added for "Authorized scopes":

profile postal_code

Thus, please add the above values and check if this resolves the issue that you are facing.


[1] https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-provider.html#cognito-user-pools-facebook-provider

answered 8 months ago
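
A pre-flight check for the scope mismatch discussed above, as an added example that is not part of the original question or answer: it parses the scope parameter from an authorization URL, reports values outside the Login with Amazon set, and builds the Cognito ProviderDetails map only when every scope is accepted. The sample URL is constructed, the function names are hypothetical, and profile:user_id is included from the Login with Amazon scope list rather than from this page.

```python
from urllib.parse import urlsplit, parse_qs

# "profile" and "postal_code" are the values the answer cites.
# "profile:user_id" is a further Login with Amazon scope (assumption: not on this page).
LWA_SCOPES = {"profile", "profile:user_id", "postal_code"}


def split_scopes(authorize_url):
    """Return (accepted, rejected) scope lists taken from the URL's scope parameter."""
    query = parse_qs(urlsplit(authorize_url).query)
    # parse_qs turns '+' into spaces; split() also drops a trailing blank.
    requested = query.get("scope", [""])[0].split()
    accepted = [s for s in requested if s in LWA_SCOPES]
    rejected = [s for s in requested if s not in LWA_SCOPES]
    return accepted, rejected


def provider_details(client_id, client_secret, scopes):
    """Build the ProviderDetails map for a Cognito LoginWithAmazon provider.

    Raises ValueError when a scope is outside LWA_SCOPES, so a bad value is
    caught before the hosted UI redirects a user to an error page.
    """
    unknown = [s for s in scopes if s not in LWA_SCOPES]
    if unknown:
        raise ValueError("not a Login with Amazon scope: " + ", ".join(unknown))
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "authorize_scopes": " ".join(scopes),  # space-separated
    }


# Constructed URL reproducing the scope string quoted in the question.
SAMPLE_URL = ("https://www.amazon.com/ap/oa?client_id=CLIENT_ID_PLACEHOLDER"
              "&scope=openid+profile+&response_type=code")

if __name__ == "__main__":
    ok, bad = split_scopes(SAMPLE_URL)
    print("accepted:", ok, "rejected:", bad)
    # This map can be passed as ProviderDetails to the Cognito
    # UpdateIdentityProvider API (ProviderName "LoginWithAmazon").
    print(provider_details("CLIENT_ID_PLACEHOLDER", "SECRET_PLACEHOLDER",
                           ["profile", "postal_code"]))
```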