AWS Cognito Logout Url format - Required String parameter 'redirect_uri' is not present

3

8

I'm trying to format the logout REST call to sign out of an AWS Cognito user pool, but can't seem to get it right.

I want to redirect to https://localhost:44333?signout=true after Cognito has signed me out.

The following doesn't work and returns "Required String parameter 'redirect_uri' is not present":

https://tradingreplay-test.auth.eu-west-1.amazoncognito.com/error?client_id=***ClientId***&logout_uri=https://localhost:44333?signout=true

I have checked and https://localhost:44333 is in the list of valid sign-out URLs for the app client.

Wersh answered 5/7, 2020 at 8:5 Comment(2)
The query string is probably not allowed. - Prothesis
You'll get this error if you haven't added the logout URL to the allowed logout URLs list in your Cognito app settings. - Ober
5

A standard requirement of a logout URL is that no query string parameter is preserved. You could possibly set a cookie or handle the request to https://localhost:44333/logout/.

https://tradingreplay-test.auth.eu-west-1.amazoncognito.com/error?client_id=***ClientId***&logout_uri=https://localhost:44333/signout/

Since Cognito is SAML compliant, it's probably going to handle the logout in the same compliant manner by ignoring the query strings or throwing an error.

Prothesis answered 5/7, 2020 at 9:27 Comment(2)
Thanks - I had gone through the documentation and didn't really understand what the "com.myclientapp://myclient/logout" part of the logout_uri meant. Where is the logout page set? - Wersh
It literally says to use a GET request with query parameters in the documentation you linked, just like in the above question. Also, Cognito isn't a SAML provider, it's an OpenID provider. It simply has support for connecting to SAML 3rd party identity providers. - Ober
2

In a Cognito user pool client, if you omit the logout URL (which is optional), this can lead to the same error.

In Terraform this was resolved by adding a "logout_urls" attribute:

resource "aws_cognito_user_pool_client" "client" {
  name          = "test-client"
  user_pool_id  = aws_cognito_user_pool.pool.id
  callback_urls = ["https://example.com", "https://www.example.com.com"]
  # Sign-out URLs allowed as logout_uri for this app client
  logout_urls   = ["https://www.example.com.com"]
}
Glair answered 8/4, 2023 at 18:18 Comment(0)
1

Add logoutUrls when setting up the new client. Define logoutUrls in an array and pass it as an oAuth parameter, like:

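// CDK v2 import path (assumed; the post does not show its imports)
import { UserPoolClientIdentityProvider } from "aws-cdk-lib/aws-cognito";

// userPool, callbackUrlList and logoutUrlList are defined elsewhere in the stack
const googlePoolClient = userPool.addClient("google-client", {
  generateSecret: true,
  supportedIdentityProviders: [UserPoolClientIdentityProvider.GOOGLE],
  oAuth: {
    callbackUrls: callbackUrlList,
    logoutUrls: logoutUrlList, // registered sign-out URLs
  },
});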
Wilinski answered 23/5, 2023 at 6:43 Comment(0)
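
Several replies above turn on whether the logout_uri is one of the app client's registered sign-out URLs. As an added example (not code from any poster), this JavaScript builds the /logout request with the value percent-encoded and reports why a given link would be refused. The domain, client ID and allow-list are constructed sample values, and exact-string matching against the allow-list is an assumption about how Cognito compares them.

```javascript
// Added example, not code from the thread. All sample values are constructed.

// Build the hosted-UI sign-out request:
//   GET https://<domain>/logout?client_id=...&logout_uri=...
// Assumption: logout_uri is accepted only if it equals a registered
// sign-out URL exactly, so the same check is applied before redirecting.
function buildLogoutUrl(domain, clientId, logoutUri, registeredLogoutUrls) {
  if (!registeredLogoutUrls.includes(logoutUri)) {
    throw new Error(`logout_uri is not a registered sign-out URL: ${logoutUri}`);
  }
  const url = new URL(`https://${domain}/logout`);
  url.searchParams.set("client_id", clientId);
  // searchParams percent-encodes ':', '/', '?' and '&' inside the value,
  // so a nested URL cannot leak extra parameters into the outer query.
  url.searchParams.set("logout_uri", logoutUri);
  return url.toString();
}

// Report why an existing sign-out link would be rejected.
function diagnoseLogoutUrl(candidate, registeredLogoutUrls) {
  const url = new URL(candidate);
  const problems = [];
  if (url.pathname !== "/logout") {
    problems.push(`path is ${url.pathname}, expected /logout`);
  }
  if (!url.searchParams.get("client_id")) {
    problems.push("client_id is missing");
  }
  const logoutUri = url.searchParams.get("logout_uri");
  if (logoutUri === null) {
    problems.push("logout_uri is missing");
  } else if (!registeredLogoutUrls.includes(logoutUri)) {
    problems.push(`logout_uri "${logoutUri}" is not registered`);
  }
  return problems;
}

const DOMAIN = "example-pool.auth.eu-west-1.amazoncognito.com"; // constructed
const CLIENT_ID = "exampleclientid123";                         // constructed
const REGISTERED = ["https://localhost:44333/signout/"];        // constructed

console.log(buildLogoutUrl(DOMAIN, CLIENT_ID, REGISTERED[0], REGISTERED));
console.log(diagnoseLogoutUrl(
  `https://${DOMAIN}/logout?client_id=${CLIENT_ID}` +
  "&logout_uri=https://localhost:44333?signout=true",
  ["https://localhost:44333"]));
```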
