ALB Authenticate Rule with Cognito error: OAuth flows must be enabled in the user pool client

Question

I have a simple Cognito user pool (no federation) with an app client with all 5 available auth flows enabled:
```
ALLOW_ADMIN_USER_PASSWORD_AUTH
ALLOW_CUSTOM_AUTH
ALLOW_REFRESH_TOKEN_AUTH
ALLOW_USER_PASSWORD_AUTH
ALLOW_USER_SRP_AUTH
```
The pool already has AWS-provided domain configured.

When I attempt to integrate it into an authenticate rule for my ALB, I got the following error:
> OAuth flows must be enabled in the user pool client

How can I make this work?

Accepted Answer

I figured out what's wrong. I did not configure a hosted UI for the app client, which is an unlisted requirement for OAuth.

Answer

Hi,

Did you [create a domain ](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain-prefix.html)for the user pool? this is required to enable oauth2 endpoints.

ALB Authenticate Rule with Cognito error: OAuth flows must be enabled in the user pool client

相关内容