Cognito federation with google provider throwing redirect error


In our user pool phone_number is mandatory. In Google outh2.0 authorized scope for phone numbers is added( On the client side, we are using the Amplify federationSignIn method with the CognitoHostedUIIdentityProvider Google module.

After clicking the Google oauth2.0 CTA it redirected Google asking phonenumber access after the process was completed. Cognito redirected me to my page with the URL of http://localhost:8010/?error_description=attributes+required%3A+%5Bphone_number%5D&state=TZDvvUDtK21fO7TocBiwimahqwv5kDxk&error=invalid_request

How to fix the error_description=attributes+required%3A+%5Bphone_number%5D& redirect issues.

asked 5 months ago157 views
1 Answer

To resolve the error_description=attributes+required:[phone_number] issue with AWS Cognito and Google OAuth 2.0, you can follow these steps:

-Verify Scope Configuration: Ensure that the scope for phone numbers is correctly added in the Google API and that it matches the scope in your application configuration. The scope you've added ( should be correctly integrated into your OAuth flow.

-Check Cognito User Pool Settings: Make sure that the Cognito User Pool is configured to mark the phone number as a required attribute. This setting should align with your application's authentication flow.

-Review Attribute Mapping: In AWS Cognito, check the attribute mapping for the Google identity provider. Ensure that the phone number attribute from Google is correctly mapped to the Cognito user pool attribute.

-Handle Redirects Appropriately: In your application, ensure that the OAuth flow is correctly handling redirects. After the user grants permission on Google's consent screen, your application should handle the redirect from Google correctly, capturing any error messages or codes.

-Error Handling: Implement error handling on the redirect URI to catch and manage errors like the one you're experiencing. This can help in understanding if there are additional underlying issues in the OAuth flow.

-Testing and Debugging: Test the flow thoroughly with different scenarios to ensure that the phone number is correctly being passed and accepted by Cognito. Use debugging tools to trace the flow and identify where the breakdown is occurring.

-Consult AWS Cognito Documentation: Refer to AWS Cognito's official documentation for detailed guidance on setting up and troubleshooting the OAuth flow and attribute mapping.

answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions