Reputation: 1551
I'm using AWS Amplify to integrate OAuth with FB, Google, and Apple in a React Native app. Currently, what I have working: user taps button to sign in with provider, browser opens, they log in, and browser redirects back into the app. What fails is that Amplify in the app fails to process the token data coming back in. Cognito shows the user as created in the AWS Console UI. I have Amplify logging set to DEBUG. I get quite a bit of output that starts with:
LOG [DEBUG] 08:13.496 OAuth - Redirecting to https://aq****dev.auth.us-east-2.amazoncognito.com/oauth2/authorize?redirect_uri=aq****app%3A%2F%2Fapp%2FsignIn%2F&response_type=token&client_id=6b6j***od0snrgu7mo&identity_provider=Google&scope=email&state=wlRV2nz1U***zjATIY7H2rlY
LOG [DEBUG] 08:15.657 urlListener - urlListener {"url": "aq***app://app/signIn/#access_token=eyJraWQiN0ZzcHdRclNZbF90aW1lIjoxNjUwNDcwODk4LCJ[...trim...]aiZlg&state=wlRV2nz1UBE75RGvRRvPzjATIY7H2rlY&token_type=Bearer&expires_in=3600"}
That shows the redirect to the browser, then the data coming back to the app. A few logs go by basically just showing the flow of the data through Amplify (e.g., events like "parsingCallbackUrl" and "implicitFlow"), then the problem:
LOG [DEBUG] 08:15.711 OAuth - Retrieving implicit tokens from aq***app://app/signIn/#access_token=eyJraWQ[...trim again, same output as last time...]
LOG [DEBUG] 08:15.757 Credentials - set credentials from session
LOG [DEBUG] 08:15.937 urlListener - urlListener {"url": null}
LOG [DEBUG] 08:16.355 Credentials - Failed to load credentials {"_U": 1, "_V": 3, "_W": {"_1": 1, "_U": 0, "_V": 2, "_W": [ValidationException: 1 validation error detected: Value '{cognito-idp.us-east-2.amazonaws.com/us-east-2_****G=}' at 'logins' failed to satisfy constraint: Map value must satisfy constraint: [Member must have length less than or equal to 50000, Member must have length greater than or equal to 1]], "_X": null}, "_X": null}
I cannot figure out the source of that ValidationException. It appears that it's getting a blank value where it's expecting something to exist, but no clue as to what exactly. This problem exists on both iOS and Android simulators. Any help would be greatly appreciated! Thanks!
Upvotes: 3
Views: 1093
Reputation: 131
In my case, I am working with Gatsby. My redirection callback was set as <domain>/oauth/sign-in, and Gatsby was forcing a redirection to <domain>/oauth/sign-in/ with the trailing slash. So this mismatch on the redirect URL was making the Amplify auth module fail on setting up the new user session, raising a ValidationException error.
Upvotes: 0
Reputation: 1551
After much grief, I was able to resolve this. I had two problems:
1. I needed to add 'openid' as part of my scope array in my config. E.g., scope: ['email', 'openid']
2. I also needed to link the Federated Identity Pool to my Cognito User Pool by filling in details in the Cognito tab of the Federated Identity Pool. I had entered identifiers for Apple, Facebook, and Google+, but did not realize I also needed to link Cognito. This can be found at Cognito Console -> Federated Identities -> Edit Identity Pool -> Cognito tab. (see screenshot)
Upvotes: 2
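Added example, not part of the original posts or of Amplify itself: a small diagnostic that takes the two URLs Amplify prints at DEBUG level (the `/oauth2/authorize` redirect and the callback seen by `urlListener`) and flags the conditions described in the answers above: no `openid` scope, no `id_token` in the returned fragment (consistent with the empty `logins` value in the ValidationException), and a redirect URI that differs only by a trailing slash. The function name, finding codes, and every URL and token below are constructed placeholders.

```javascript
// Hypothetical helper: compare the logged authorize request with the logged callback.
function diagnoseHostedUiRedirect(authorizeUrl, callbackUrl) {
  const findings = [];
  const req = new URL(authorizeUrl).searchParams;
  // Implicit-flow results arrive in the URL fragment, not the query string.
  const [base, fragment = ''] = callbackUrl.split('#');
  const res = new URLSearchParams(fragment);

  const scopes = (req.get('scope') || '').split(/\s+/).filter(Boolean);
  if (!scopes.includes('openid')) findings.push('missing_openid_scope');

  // Without an ID token there is nothing to place in the identity pool logins map.
  if (!res.get('id_token')) findings.push('missing_id_token');

  // The state value must round-trip unchanged.
  if (res.get('state') !== req.get('state')) findings.push('state_mismatch');

  const redirect = req.get('redirect_uri') || '';
  if (redirect !== base) {
    const strip = (u) => u.replace(/\/+$/, '');
    findings.push(strip(redirect) === strip(base)
      ? 'redirect_trailing_slash_mismatch'
      : 'redirect_uri_mismatch');
  }
  return findings;
}

// Constructed sample values shaped like the log lines in the question.
const HOSTED_UI = 'https://example-dev.auth.us-east-2.amazoncognito.com/oauth2/authorize';
const COMMON = '&response_type=token&client_id=EXAMPLECLIENTID&state=abc123';

const emailOnly = diagnoseHostedUiRedirect(
  HOSTED_UI + '?redirect_uri=exampleapp%3A%2F%2Fapp%2FsignIn%2F&scope=email' + COMMON,
  'exampleapp://app/signIn/#access_token=SAMPLE.ACCESS.TOKEN&state=abc123&token_type=Bearer&expires_in=3600');

const withOpenid = diagnoseHostedUiRedirect(
  HOSTED_UI + '?redirect_uri=exampleapp%3A%2F%2Fapp%2FsignIn%2F&scope=email+openid' + COMMON,
  'exampleapp://app/signIn/#id_token=SAMPLE.ID.TOKEN&access_token=SAMPLE.ACCESS.TOKEN&state=abc123');

const forcedSlash = diagnoseHostedUiRedirect(
  HOSTED_UI + '?redirect_uri=https%3A%2F%2Fexample.com%2Foauth%2Fsign-in&scope=email+openid' + COMMON,
  'https://example.com/oauth/sign-in/#id_token=SAMPLE.ID.TOKEN&access_token=SAMPLE.ACCESS.TOKEN&state=abc123');

console.log({ emailOnly, withOpenid, forcedSlash });
```

It does not check the second fix from the accepted answer (linking the user pool under the identity pool's Cognito tab), which is console configuration and not visible in these URLs.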