ALB Authenticate Rule with Cognito error: OAuth flows must be enabled in the user pool client

0

I have a simple Cognito user pool (no federation) with an app client with all 5 available auth flows enabled:

ALLOW_ADMIN_USER_PASSWORD_AUTH
ALLOW_CUSTOM_AUTH
ALLOW_REFRESH_TOKEN_AUTH
ALLOW_USER_PASSWORD_AUTH
ALLOW_USER_SRP_AUTH

The pool already has AWS-provided domain configured.

When I attempt to integrate it into an authenticate rule for my ALB, I got the following error:

OAuth flows must be enabled in the user pool client

How can I make this work?

2 Answers
0
Accepted Answer

I figured out what's wrong. I did not configure a hosted UI for the app client, which is an unlisted requirement for OAuth.

answered 2 years ago
profile picture
EXPERT
reviewed 2 days ago
0

Hi,

Did you create a domain for the user pool? this is required to enable oauth2 endpoints.

AWS
EXPERT
answered 2 years ago
  • Yes, I already created a domain. Does it have to be a custom-owned domain? Should I expect to see a DIFFERENT auth flow than the 5 listed ones?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions