pacman

Reputation: 93

AWS Cognito built-in UI error posting credentials when using response_type=code

I have spent a significant amount of time searching for a solution here and can't find one. Here is the situation:

I am actually a little surprised either one works because the documentation seems to indicate the /login endpoint is GET only: https://docs.aws.amazon.com/cognito/latest/developerguide/login-endpoint.html

I'd prefer to use the code response_type anyway. Am I doing something wrong here? Is anyone else having this issue? I don't think I'm doing anything unusual. It feels to me like something is just broken in the built-in UI flow. I have definitely discovered that I should not be using the built-in UI, but I'd like to get this working and then replace it if possible.

Please let me know if you need more information and I'd be happy to provide it.

EDIT: It actually does work if I make the redirect_url google.com, which means it's something with my app and the redirect, but there is basically no indication about what is wrong. Anyone know where I can find any kind of relevant logs or information related to these types of errors in Cognito?

Upvotes: 1

Views: 2428

Answers (1)

pacman

Reputation: 93

Alright, this appears to be a bug in the built-in UI and I'll file it with Amazon. I finally figured out that the redirect_uri I was sending over had a trailing slash and the one I configured in Cognito did not have a trailing slash. It works when I remove this.

The reason I believe this is a bug is because normally when I pass in an invalid redirect, the UI immediately sends me to a page with that error. When the only difference is a trailing slash, I can go through the login flow fine, but it hits that 405 method not allowed error when trying to redirect back to my flow.

Not sure if anyone else will run into this very odd edge case, but hopefully this is helpful if you do.

Upvotes: 5
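
The trailing-slash mismatch described in the answer above, as an added example that is not part of the original post and not AWS code: a pre-flight check that compares the redirect_uri in a login URL against the registered callback URLs by exact string and names the near-miss. The helper names, hostnames and client id are constructed, and exact-string matching on the server side is an assumption.

```python
from __future__ import annotations
from urllib.parse import parse_qs, urlsplit

# Constructed sample values; in practice use the app client's callback URL list.
REGISTERED = ["https://app.example.com/callback"]
LOGIN_URL = (
    "https://auth.example.com/login?response_type=code"
    "&client_id=EXAMPLE_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback%2F"
)

def loose(uri: str) -> str:
    """Loose form used only to diagnose near-misses, never to authorize."""
    p = urlsplit(uri)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"

def check_redirect_uri(login_url: str, registered: list[str]) -> tuple[str, str]:
    """Classify the redirect_uri in a login/authorize URL (hypothetical helper)."""
    values = parse_qs(urlsplit(login_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return ("invalid", "expected exactly one redirect_uri parameter")
    sent = values[0]  # parse_qs has already percent-decoded the value
    if sent in registered:  # assumption: the server does an exact string match
        return ("exact", sent)
    for reg in registered:
        if loose(reg) == loose(sent):
            if reg.rstrip("/") == sent.rstrip("/"):
                why = "trailing slash differs"
            else:
                why = "scheme or host case differs"
            return ("near-miss", f"{why}: sent {sent!r}, registered {reg!r}")
    return ("unregistered", sent)

if __name__ == "__main__":
    print(check_redirect_uri(LOGIN_URL, REGISTERED))
```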
