invalid_request error on AWS Cognito Custom UI Page

5

19

When going to the custom AWS Cognito UI page:

https://<your_domain>/login?response_type=code&client_id=<your_app_client_id>

I am getting the following error:

An error was encountered with the requested page.

View error

invalid_request

Catabasis answered 23/4, 2018 at 10:52 Comment(0)
23

OAuth options need to be checked, as shown in the following picture:

oauth options

from https://aws.amazon.com/blogs/aws/launch-amazon-cognito-user-pools-general-availability-app-integration-and-federation/

Catabasis answered 23/4, 2018 at 10:52 Comment(0)
10

You need the following in the App client Settings of your user pool:

  • Enable Cognito User Pool as "Identity Provider".
  • Allowed "OAuth Scopes" should have openid enabled.

App client settings

Wolfram answered 21/7, 2020 at 12:23 Comment(0)
2

In my case, it appears there was some issue with verifying the phone number, so I switched back to email.


This document is good for checking everything.

https://aws.amazon.com/blogs/aws/launch-amazon-cognito-user-pools-general-availability-app-integration-and-federation/

Unless the SMS Sending setup is not complete, do not choose the Email or Phone option. Email or phone actually falls back to phone number only. Read the warning messages.


Isolating answered 20/5, 2021 at 20:42 Comment(2)
You're my hero!!! - Posthumous
Just shared my experience. - Isolating
0

TLDR: If you use an AWS User Pool with a Cognito App Client and have an Application Load Balancer that is exposed via a custom DNS entry (e.g. custom-domain.com, which has to be secured via SSL), use this custom domain for the Cognito App Client's callback URL (i.e. https://custom-domain.com/oauth2/idpresponse) instead of the random DNS name created by AWS.

I had the same error and this issue solved it for me. I used a User Pool with a Cognito App Client and as callback URL I first used the DNS name that AWS created for it (<load balancer name>-<random number>.<region>.elb.amazonaws.com, i.e. "callbackUrl": "https://<load balancer name>-<random number>.<region>.elb.amazonaws.com/oauth2/idpresponse"). I also created a DNS record for a custom domain to expose the load balancer to the internet and secured it via SSL. As a result, the certificate was not valid for the URL created by AWS, but only for my custom domain. The Cognito App Client was thus trying to access the URL with the invalid SSL certificate and returned the error.

Olympie answered 23/5, 2022 at 9:36 Comment(0)
0

For Expo users: in my case, the sign-in whitelist wasn't correct, so I had to update it to match my Expo app.

So if you're using Expo, just check which port Metro is listening on (see your console):

› Choose an app to open your project at http://192.168.1.2:8081/_expo/loading
› Metro waiting on exp://192.168.1.2:8081

Then just navigate here and update it by clicking the Edit button of the Hosted UI section: Amazon Cognito -> User pools -> your-user-pool -> App client: your_app_client

aws config of federated sign in

Logistician answered 30/10, 2023 at 20:53 Comment(0)
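
The checks the answers above describe (OAuth flows enabled, openid scope, Cognito as identity provider, callback URL registered on the app client) can be run against an app client's settings in one pass. This is an added example, not code from any of the answers: the dict mirrors the `UserPoolClient` object returned by Cognito's DescribeUserPoolClient API, while `audit_hosted_ui`, the sample values and the `auth.example.com` domain are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like the "UserPoolClient" object returned by
# Cognito's DescribeUserPoolClient API; every value is a placeholder.
SAMPLE_CLIENT = {
    "ClientId": "example-client-id",
    "AllowedOAuthFlowsUserPoolClient": False,
    "AllowedOAuthFlows": [],
    "AllowedOAuthScopes": ["email"],
    "SupportedIdentityProviders": [],
    "CallbackURLs": ["https://example-lb-123.eu-west-1.elb.amazonaws.com/oauth2/idpresponse"],
}

# response_type values of the hosted UI mapped to the app client's OAuth flow names.
FLOW_FOR_RESPONSE_TYPE = {"code": "code", "token": "implicit"}


def audit_hosted_ui(client, login_url, expected_callback=None):
    """Return the settings mismatches that the answers above tie to invalid_request."""
    findings = []
    query = parse_qs(urlsplit(login_url).query)
    response_type = query.get("response_type", [""])[0]
    flow = FLOW_FOR_RESPONSE_TYPE.get(response_type)

    if query.get("client_id", [""])[0] != client.get("ClientId"):
        findings.append("client_id in URL does not match this app client")
    if not client.get("AllowedOAuthFlowsUserPoolClient"):
        findings.append("OAuth flows are not enabled for the app client")
    if flow is None or flow not in client.get("AllowedOAuthFlows", []):
        findings.append(f"response_type={response_type!r} has no matching allowed OAuth flow")
    if "openid" not in client.get("AllowedOAuthScopes", []):
        findings.append("openid scope is not allowed")
    if "COGNITO" not in client.get("SupportedIdentityProviders", []):
        findings.append("Cognito User Pool is not enabled as identity provider")

    # This check compares whole strings, so host, port and path must all match.
    wanted = expected_callback or query.get("redirect_uri", [None])[0]
    if wanted is not None and wanted not in client.get("CallbackURLs", []):
        findings.append(f"callback {wanted!r} is not in the allowed callback URLs")
    return findings


if __name__ == "__main__":
    url = "https://auth.example.com/login?response_type=code&client_id=example-client-id"
    for finding in audit_hosted_ui(SAMPLE_CLIENT, url, "https://custom-domain.com/oauth2/idpresponse"):
        print("FAIL:", finding)
```

To run it against a real pool, pass the `UserPoolClient` value from `aws cognito-idp describe-user-pool-client` output in place of `SAMPLE_CLIENT`.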
