Cognito custom domain not working


I have a Cognito custom domain, reports.auth.<domain.org>.

In the Route 53 <domain.org> hosted zone I added an A record for auth.<domain.org> pointing to the <domain.org> A record. I added an A record for reports.auth.<domain.org> pointing to the CloudFront alias generated when I created the custom domain in Cognito.

I have my app deployed on Heroku with the URL xxx.herokuapp.com. I have the following in the hosted UI configuration: Allowed callback URLs: https://xxx.herokuapp.com/login/oauth2/code/cognito

When I use the "View Hosted UI" button it takes me to the Cognito sign-in page, and from there it redirects to https://xxx.herokuapp.com/login?error


When I click on the app link above, it takes me to my app page.

1 Answer

Hello,

Thank you for posting on AWS re:Post!

I see that you have added a custom domain to the user pool and added an A record to the Route 53 hosted zone, but when you use the hosted UI you get the sign-in page and after that you get an Invalid_Request error.

Firstly, as per the information provided, you have added an A record to the Route 53 hosted zone and created the alias for the custom domain. It appears that you have followed the required steps for adding a custom domain to a user pool as described in the AWS reference document below.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html

Secondly, I would like to point out that "invalid_request" is generally returned from the user pool's authorization endpoint. Since you have mentioned that the "View Hosted UI" button takes you to the Cognito sign-in page and from there it redirects to https://xxx.herokuapp.com/login?error, I assume that this error is being returned from the authorization endpoint. Here is the AWS reference document which lists a few reasons for the invalid_request error. I would highly recommend checking the reference document below.

https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html

Additionally, I would recommend capturing a network trace (HAR) in your browser's developer tools, which will give you more insight into the possible reason for the error.

Thank you!

AWS
SUPPORT ENGINEER
answered a year ago
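As an added example (not part of the question or the answer above), the following Python script performs the HAR check the answer recommends, offline: it walks the entries of a HAR exported from the browser's Network tab, pulls the parameters of the /oauth2/authorize request, checks that its redirect_uri is an exact string match for one of the configured callback URLs, and lists every request whose query string carries an OAuth error parameter (including the app's own bare /login?error). The HAR embedded in the script is constructed for the demonstration; the host reports.auth.domain.org, the client_id abc123 and the error description are placeholders, not values from a real capture.

```python
"""Scan a browser HAR capture of a Cognito Hosted UI login for OAuth errors.

Added example, not part of the original question or answer. It assumes a HAR
file exported from the browser's Network tab; the sample below is constructed,
using the placeholder hosts reports.auth.domain.org and xxx.herokuapp.com.
"""
import json
import sys
from urllib.parse import parse_qsl, urlsplit

# Allowed callback URL exactly as configured in the Hosted UI (from the question).
ALLOWED_CALLBACKS = ["https://xxx.herokuapp.com/login/oauth2/code/cognito"]

# URL-encoded form of that callback, as it appears in the authorize request.
CALLBACK = "https%3A%2F%2Fxxx.herokuapp.com%2Flogin%2Foauth2%2Fcode%2Fcognito"

# Constructed HAR (not a real capture): authorize -> Hosted UI login page ->
# callback carrying an OAuth error -> the app's own /login?error page.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET",
                 "url": "https://reports.auth.domain.org/oauth2/authorize"
                        "?response_type=code&client_id=abc123&scope=openid"
                        "&state=s1&redirect_uri=" + CALLBACK},
     "response": {"status": 302, "headers": [{"name": "Location",
                  "value": "https://reports.auth.domain.org/login?client_id=abc123"
                           "&response_type=code&scope=openid&state=s1"
                           "&redirect_uri=" + CALLBACK}]}},
    {"request": {"method": "POST",
                 "url": "https://reports.auth.domain.org/login?client_id=abc123"
                        "&response_type=code&scope=openid&state=s1"
                        "&redirect_uri=" + CALLBACK},
     "response": {"status": 302, "headers": [{"name": "Location",
                  "value": "https://xxx.herokuapp.com/login/oauth2/code/cognito"
                           "?error=invalid_request"
                           "&error_description=constructed+sample&state=s1"}]}},
    {"request": {"method": "GET",
                 "url": "https://xxx.herokuapp.com/login/oauth2/code/cognito"
                        "?error=invalid_request"
                        "&error_description=constructed+sample&state=s1"},
     "response": {"status": 302, "headers": [{"name": "Location",
                  "value": "https://xxx.herokuapp.com/login?error"}]}},
    {"request": {"method": "GET", "url": "https://xxx.herokuapp.com/login?error"},
     "response": {"status": 200, "headers": []}},
]}})


def _query(url):
    """Decoded query parameters of a URL. Blank values are kept so that the
    app's bare ``/login?error`` shows up as error == ''."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def analyze_har(har_text, allowed_callbacks):
    """Return the authorize request parameters, whether its redirect_uri
    exactly matches an allowed callback URL, and every request whose query
    string carries an OAuth ``error`` parameter, in capture order."""
    entries = json.loads(har_text)["log"]["entries"]
    report = {"authorize_request": None, "redirect_uri_allowed": None,
              "oauth_errors": []}
    for entry in entries:
        url = entry["request"]["url"]
        status = entry.get("response", {}).get("status")
        q = _query(url)
        if urlsplit(url).path.endswith("/oauth2/authorize"):
            report["authorize_request"] = {
                k: q.get(k) for k in ("client_id", "redirect_uri",
                                      "response_type", "scope")}
            # Cognito matches redirect_uri against the configured callback URLs
            # as exact strings: scheme, host, path and any trailing slash all
            # have to agree, so compare the decoded value verbatim.
            report["redirect_uri_allowed"] = q.get("redirect_uri") in allowed_callbacks
        if "error" in q:
            report["oauth_errors"].append({
                "url": url.split("?", 1)[0], "status": status,
                "error": q["error"],
                "error_description": q.get("error_description")})
    return report


if __name__ == "__main__":
    # Usage: python har_scan.py capture.har  (falls back to the embedded sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HAR
    print(json.dumps(analyze_har(text, ALLOWED_CALLBACKS), indent=2))
```

Run it against the real export with the callback list copied verbatim from the app client settings. A redirect_uri_allowed of False points at a callback URL mismatch on the Cognito side; an error entry on the callback URL with a populated error_description is the authorization endpoint's own explanation, while a trailing entry with an empty error on /login means the application, not Cognito, decided the login failed and the cause has to be looked for in the app's logs.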
