Cognito - Customize federated authentication request

0

We are using federated sign-in through an OIDC-enabled IdP. Is there any way to forward authorization request parameters to the IdP, e.g. "login_hint"?

Ollis
Asked 6 months ago, 302 views
1 Answer
0

Hello,

As per the OpenID specifications, the Authentication request to the resource server supports the query parameter login_hint. Unfortunately, as of now, AWS Cognito does not support the 'login_hint' request parameter for the authentication endpoint. There are no workarounds for this because Cognito doesn't currently allow custom query parameters to be passed in the issuer URL. The root cause is that the Cognito authorization/authentication request doesn't support all OIDC request parameters. Currently, for the authentication endpoint, AWS Cognito only supports client_id, redirect_uri, identity_provider, idp_identifier, etc. as the request query parameters, which are specified in the endpoint documents [1], but all the other request parameters as specified by OpenID are not yet supported.

Having noted the above, I can confirm that an existing feature request is in place with the Cognito Team to add support for this feature. While I am unable to comment on if/when this feature may get released, I request you to keep an eye on our AWS What's New blog [2] or AWS Announcements Blog [3] documentation.

I hope that the above details are helpful. Please feel free to raise a support case with us if you require further guidance.

References:

[1] Login Endpoint https://docs.aws.amazon.com/cognito/latest/developerguide/login-endpoint.html https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html

[2] What's New at AWS https://aws.amazon.com/new/#management-admin

[3] AWS Announcements Blog https://aws.amazon.com/blogs/aws/category/announcements/

AWS
Support Engineer
Answered 6 months ago
