Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

ALB Authenticate Rule with Cognito error: OAuth flows must be enabled in the user pool client

0

I have a simple Cognito user pool (no federation) with an app client with all 5 available auth flows enabled:

ALLOW_ADMIN_USER_PASSWORD_AUTH
ALLOW_CUSTOM_AUTH
ALLOW_REFRESH_TOKEN_AUTH
ALLOW_USER_PASSWORD_AUTH
ALLOW_USER_SRP_AUTH

The pool already has AWS-provided domain configured.

When I attempt to integrate it into an authenticate rule for my ALB, I got the following error:

OAuth flows must be enabled in the user pool client

How can I make this work?

Topics
Security, Identity, & Compliance
Tags
Application Load BalancerAmazon CognitoAmazon Cognito User Pools
Language
English
asked 4 years ago4.7K views
2 Answers
0
Accepted Answer

I figured out what's wrong. I did not configure a hosted UI for the app client, which is an unlisted requirement for OAuth.

answered 4 years ago
EXPERT
reviewed 2 years ago
0

Hi,

Did you create a domain for the user pool? this is required to enable oauth2 endpoints.

AWS
EXPERT
answered 4 years ago
  • khuongduybui
    4 years ago

    Yes, I already created a domain. Does it have to be a custom-owned domain? Should I expect to see a DIFFERENT auth flow than the 5 listed ones?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content