Cognito OAuth2 proxy


Hi,

We are creating an app where our users have their own user pools and can add IdPs to their user pools. This way we have to add the user pool's Cognito domain address to the IdP's authorized redirect URIs after every new IdP. The problems are:

  1. For example, for Google we can't do this programmatically
  2. We will reach the IdP's maximum number of redirect URIs limit

The obvious solution could be that we create a central domain that could encode the user pool's or account's ID in the state and underneath call the appropriate Cognito domain. But we already tried this solution and encountered an error: after we got the authorization code from the IdP and forwarded the request to the Cognito domain, the domain responded with a Google redirect_uri_mismatch error, because Cognito tried to exchange the authorization code for an access token with its own domain as redirect_uri, and Google verified that this URI does not match the URI which requested the authorization code.

Do you have any idea how we could work around this problem?
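The failure described in the question, as an added example that is not part of the original post: a toy model of the redirect_uri binding that RFC 6749 (section 4.1.3) requires of an authorization server, showing that a code requested through a central domain cannot be redeemed with a different redirect_uri even when both URIs are registered. The class, client ID and URLs are constructed for illustration; this is not Google's or Cognito's implementation.

```python
import secrets

class RedirectUriMismatch(Exception):
    """Models the IdP's redirect_uri_mismatch error response."""

class ToyIdP:
    """Minimal model of an OAuth2 authorization server (RFC 6749, section 4.1)."""

    def __init__(self, client_id, registered_redirect_uris):
        self.client_id = client_id
        self.registered = set(registered_redirect_uris)
        self._codes = {}  # code -> redirect_uri used in the authorization request

    def authorize(self, client_id, redirect_uri, state):
        # Authorization request: redirect_uri must be pre-registered (exact match).
        if client_id != self.client_id or redirect_uri not in self.registered:
            raise RedirectUriMismatch("redirect_uri not registered")
        code = secrets.token_urlsafe(16)
        self._codes[code] = redirect_uri  # the code is bound to this URI
        return {"code": code, "state": state}

    def token(self, client_id, code, redirect_uri):
        # Token request: the code is single-use, and redirect_uri must be
        # identical to the one the code was issued for (RFC 6749, 4.1.3).
        bound_uri = self._codes.pop(code, None)
        if client_id != self.client_id or bound_uri is None:
            raise ValueError("invalid_grant")
        if redirect_uri != bound_uri:
            raise RedirectUriMismatch("redirect_uri_mismatch")
        return {"access_token": secrets.token_urlsafe(16)}

# Constructed sample values: a central proxy domain and one pool's Cognito domain.
PROXY_URI = "https://login.example.com/callback"
POOL_URI = "https://pool-a.auth.example.com/oauth2/idpresponse"

def proxy_flow(authorize_uri, exchange_uri):
    idp = ToyIdP("client-123", [PROXY_URI, POOL_URI])
    resp = idp.authorize("client-123", authorize_uri, state="pool-a")
    try:
        idp.token("client-123", resp["code"], exchange_uri)
        return "ok"
    except RedirectUriMismatch as exc:
        return str(exc)

if __name__ == "__main__":
    print(proxy_flow(PROXY_URI, POOL_URI))  # central domain requests, pool domain exchanges
    print(proxy_flow(POOL_URI, POOL_URI))   # pool domain requests and exchanges
```

The binding is per authorization code, so whichever party redeems the code has to present the same redirect_uri that was sent in the authorization request.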

No Answers
