Invalid scope offline_access for cognito login

Hi, I am using Cognito login for Google assistant account linking. Below Cognito, options are selected

Allowed OAuth Flows
Authorization code grant

Allowed OAuth Scopes
phone email openid aws.cognito.signin.user.admin profile

While login Google actions sending below request https://<domain>.amazoncognito.com/oauth2/authorize?response_type=code&client_id=<id>&redirect_uri=https://oauth-redirect.googleusercontent.com/r/<App id>&scope=email+profile+offline_access+openid&state=<state>

For this Cognito through error as invalid scope

https://oauth-redirect.googleusercontent.com/r/<App id>?error_description=invalid_scope&state=<state>&error=invalid_request

This is happening due to offline_access. Google actions team says it has to handle at login side only.

Can anyone help why Cognito rejects offline_access And how to add it to Cognito login?

Thanks, Prashanth

Topics

Security, Identity, & Compliance

Relevant content

OAuth 2.0 Device Authorization Grant feature in AWS Cognito
Accepted Answer
Pradhan
asked 3 days ago
Authorization code flow with custom UI and Cognito
Accepted Answer
sasajankovic
asked 3 years ago
Programmatic login using cognito hosted ui
systematicguy
asked a year ago
OAUTH Password Grant Type with Cognito
AWS-User-6083653
asked 2 years ago
How do I configure the hosted web UI for Amazon Cognito?
AWS OFFICIALUpdated 2 years ago
How do I set up Google as a federated identity provider in an Amazon Cognito user pool?
AWS OFFICIALUpdated 10 months ago
How do I use Amazon Cognito identity pools to grant users access to AWS services?
AWS OFFICIALUpdated a year ago
How do I authorize access to API Gateway APIs using custom scopes in Amazon Cognito?
AWS OFFICIALUpdated a year ago
AWS Cognito Finally Supports Custom Claims for Access Tokens
EXPERT
Antonio_Lagrotteria
published a month ago
How to build a unified authorization layer for identity providers with Amazon Verified Permissions
EXPERT
JohnT
published 15 days ago