Bug: AWS Cognito issuer mismatch when using "common" endpoint for Microsoft OIDC


This issue has been mentioned by others in past years, but there is still no fix available.

To support both personal and Microsoft accounts signing up / signing in with Cognito, using Microsoft as the IdP, the docs tell you to use the “common” endpoint.

However, a bad issuer mismatch error is returned when users try to sign up / log in using a Microsoft account: https://github.com/MicrosoftDocs/azure-docs/issues/38427

Other parties, such as Firebase, Okta, etc., have implemented a fix because Microsoft will not comply with OIDC in the near future.

Can the Cognito team implement a fix so we can support Microsoft personal and work accounts using the “common” endpoint? I'm considering moving my authentication to Firebase because they support it out of the box.

I also created this issue on GitHub, but it seems it's not on the radar to be fixed any time soon: https://github.com/aws-samples/amazon-cognito-example-for-external-idp/issues/98

Please do not reply with answers suggesting the use of a specific tenant ID, because that does not solve the problem; it only allows people to sign in using that tenant ID. A solution would explain how we can support both work and personal accounts from Microsoft using the "common" endpoint, or maybe a different endpoint.

Mike
asked a year ago, 70 views
No Answers
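The failure described in the question is what a strict OIDC issuer check produces against the "common" endpoint: its discovery document advertises an issuer containing the literal placeholder `{tenantid}`, while each ID token's `iss` carries the signing tenant's real GUID, so exact comparison always fails. Microsoft's multi-tenant guidance is to validate `iss` by substituting the token's own `tid` claim into that template. The Python below is an added example illustrating both checks side by side from the relying party's perspective; it is not code from the question, from Amazon Cognito, or from Microsoft. The discovery issuer, token claims and tenant GUIDs are constructed sample values, and signature verification against the provider's JWKS is assumed to have happened before any claim is trusted.

```python
import re

# Constructed sample of what the "common" discovery document advertises as its
# issuer. The "{tenantid}" placeholder appears literally in that metadata, which
# is why an exact-match issuer check can never succeed against it.
COMMON_METADATA_ISSUER = "https://login.microsoftonline.com/{tenantid}/v2.0"

# Tenant IDs are GUIDs; reject anything else before substituting it into a URL.
_GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)

# Constructed token claims (signature assumed verified already). The tenant ID
# is a placeholder, not a real tenant.
SAMPLE_CLAIMS = {
    "iss": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
    "tid": "11111111-2222-3333-4444-555555555555",
    "aud": "example-client-id",
    "sub": "example-subject",
}


def strict_issuer_check(expected_issuer: str, claims: dict) -> bool:
    """Plain OIDC Core rule: the token's iss must equal the discovery issuer exactly."""
    return claims.get("iss") == expected_issuer


def templated_issuer_check(metadata_issuer: str, claims: dict,
                           allowed_tenants=None) -> bool:
    """Accept the token only if substituting its own tid into the metadata
    issuer template reproduces iss byte-for-byte.

    allowed_tenants: optional collection of tenant GUIDs the relying party is
    willing to trust. With the common endpoint any tenant can sign in, so the
    relying party, not the provider, has to decide which tenants are acceptable.
    """
    tid = claims.get("tid")
    iss = claims.get("iss")
    if not isinstance(tid, str) or not isinstance(iss, str):
        return False
    if _GUID_RE.fullmatch(tid) is None:
        return False
    if allowed_tenants is not None:
        if tid.lower() not in {t.lower() for t in allowed_tenants}:
            return False
    expected = metadata_issuer.replace("{tenantid}", tid)
    return iss == expected


def demo() -> dict:
    """Run both checks over the sample claims and a few tampered variants."""
    tampered_tid = dict(SAMPLE_CLAIMS, tid="99999999-8888-7777-6666-555555555555")
    non_guid_tid = dict(SAMPLE_CLAIMS, tid="../v2.0")
    foreign_iss = dict(
        SAMPLE_CLAIMS,
        iss="https://evil.example/11111111-2222-3333-4444-555555555555/v2.0",
    )
    return {
        # Strict comparison against the common endpoint's metadata: always False.
        "strict_vs_common": strict_issuer_check(COMMON_METADATA_ISSUER, SAMPLE_CLAIMS),
        "templated_ok": templated_issuer_check(COMMON_METADATA_ISSUER, SAMPLE_CLAIMS),
        "templated_tid_mismatch": templated_issuer_check(COMMON_METADATA_ISSUER, tampered_tid),
        "templated_non_guid": templated_issuer_check(COMMON_METADATA_ISSUER, non_guid_tid),
        "templated_foreign_iss": templated_issuer_check(COMMON_METADATA_ISSUER, foreign_iss),
        "templated_allowlisted": templated_issuer_check(
            COMMON_METADATA_ISSUER, SAMPLE_CLAIMS,
            allowed_tenants={"11111111-2222-3333-4444-555555555555"}),
        "templated_not_allowlisted": templated_issuer_check(
            COMMON_METADATA_ISSUER, SAMPLE_CLAIMS,
            allowed_tenants={"99999999-8888-7777-6666-555555555555"}),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The design point worth keeping in mind: substituting `tid` makes the issuer check pass for any Microsoft tenant, which is exactly what "common" promises, so the relying party gains the responsibility of deciding which tenants (or which account types) it will actually accept; the `allowed_tenants` parameter is where that policy lives.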
