By using AWS re:Post, you agree to the Terms of Use

Invalid scope offline_access for cognito login

0

Hi, I am using Cognito login for Google assistant account linking. Below Cognito, options are selected

Allowed OAuth Flows
Authorization code grant

Allowed OAuth Scopes
phone email openid aws.cognito.signin.user.admin profile

While login Google actions sending below request https://<domain>.amazoncognito.com/oauth2/authorize?response_type=code&client_id=<id>&redirect_uri=https://oauth-redirect.googleusercontent.com/r/<App id>&scope=email+profile+offline_access+openid&state=<state>

For this Cognito through error as invalid scope

https://oauth-redirect.googleusercontent.com/r/<App id>?error_description=invalid_scope&state=<state>&error=invalid_request

This is happening due to offline_access. Google actions team says it has to handle at login side only.

Can anyone help why Cognito rejects offline_access And how to add it to Cognito login?

Thanks, Prashanth