Reputation: 413
I am playing around with Amazon Cognito and, after reading some of the docs and creating a user pool, I am running into some issues. I believe that a Cognito user pool can be used with OpenID to redirect the user to a hosted UI for user authentication (without federating out to another provider). I have tried to use the authentication options in DotNetCore 2 to do this, as this is something I have done previously with other providers.
I have the following:
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

services.AddAuthentication(options =>
{
    // Keep the session in a local cookie; challenge unauthenticated requests via OIDC.
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    options.ResponseType = "code"; // authorization-code flow
    // Discovery document of the user pool (authOptions is bound from app configuration)
    options.MetadataAddress = $"https://cognito-idp.{authOptions.AwsRegion}.amazonaws.com/{authOptions.PoolId}/.well-known/openid-configuration";
    options.ClientId = authOptions.ClientId;
    options.ClientSecret = authOptions.ClientSecret;
});
but every time I try it, it always returns
{"code":"BadRequest","message":"The server did not understand the operation that was requested.","type":"client"}
Just wondering if anyone has had any experience with this, please? I have tried to create the user pool in different regions just to make sure that it is not only supported in certain regions, but I always get the same result.
Upvotes: 6
Views: 5002
Reputation: 315
I used to have the same problem. I configured my pool and code according to this tutorial. The crucial part was:
Another configuration that may be important is the App integration > Domain name. It allows us to configure what will be the domain of the sign-in and sign-up pages.
After I configured the domain name, everything worked fine.
Upvotes: 10
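As an added pre-flight check (not code from the question or the answer above), the following script validates the discovery document that the question's MetadataAddress points at: the issuer must match the pool, the login and token endpoints must sit on the hosted-UI domain configured under App integration > Domain name, and the authorization-code flow must be offered. The region, pool id, domain and the discovery document itself are constructed placeholders; in practice you would fetch the document from `metadata_address(...)` and pass it to `check_discovery`.

```python
"""Pre-flight check of a Cognito user pool's OIDC discovery document before
handing it to AddOpenIdConnect. Added example, not code from the question or answer."""
from urllib.parse import urlparse

# Constructed placeholder values; substitute your own region, pool id and domain.
REGION = "eu-west-1"
POOL_ID = "eu-west-1_EXAMPLE"
HOSTED_UI = f"example-domain.auth.{REGION}.amazoncognito.com"

# Constructed sample of what the metadata address returns once the pool has a
# hosted-UI domain (App integration > Domain name) configured.
SAMPLE_DISCOVERY = {
    "issuer": f"https://cognito-idp.{REGION}.amazonaws.com/{POOL_ID}",
    "authorization_endpoint": f"https://{HOSTED_UI}/oauth2/authorize",
    "token_endpoint": f"https://{HOSTED_UI}/oauth2/token",
    "jwks_uri": f"https://cognito-idp.{REGION}.amazonaws.com/{POOL_ID}/.well-known/jwks.json",
    "response_types_supported": ["code", "token"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

def metadata_address(region: str, pool_id: str) -> str:
    """The same URL the question assigns to options.MetadataAddress."""
    return f"https://cognito-idp.{region}.amazonaws.com/{pool_id}/.well-known/openid-configuration"

def check_discovery(doc: dict, region: str, pool_id: str, expected_domain: str = "") -> list:
    """Return the problems found; an empty list means the document supports the
    authorization-code flow the question configures (ResponseType = "code")."""
    problems = []
    expected_issuer = f"https://cognito-idp.{region}.amazonaws.com/{pool_id}"
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if not url:
            problems.append(f"{key} missing")
            continue
        parts = urlparse(url)
        if parts.scheme != "https":
            problems.append(f"{key} is not https: {url}")
        # Login and token endpoints are served from the pool's hosted-UI domain
        # (Amazon-provided or custom); if they differ from the domain configured
        # in the console, the middleware's redirect will not reach the hosted UI.
        if expected_domain and key != "jwks_uri" and parts.hostname != expected_domain:
            problems.append(f"{key} host {parts.hostname!r} != {expected_domain!r}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_types_supported lacks 'code'")
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("id_token_signing_alg_values_supported lacks RS256")
    return problems
```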