Reputation: 8993
How to get Google OAuth 2.0 Client to pass client_id to AWS Cognito User Pool domain with Google Social Identity Provider
I am getting an error when trying to sign-in to my single-page application (SPA) using the signInWithRedirect export of the aws-amplify/auth node package and using Google as a Social Identity Provider.
For my setup, I have done the following:
- created a set of OAuth 2.0 Client ID credentials on the Google Cloud > APIs and Services > Credentials page
- created a User Pool in AWS Cognito
- in my User Pool, under Social and external providers, I have added Google as an Identity Provider and I have added the Client ID and Client Secret from my Google OAuth 2.0 Client ID
- back in Google, for my OAuth 2.0 Client ID, I have added my User Pool's domain to the Authorized redirect URIs list
- in my Vue.js app, I have npm installed the
[email protected]package - in the source code of my app, I have the following (condensed) code:
import { Amplify } from 'aws-amplify'
import { signInWithRedirect } from 'aws-amplify/auth'
Amplify.configure({
Auth: {
Cognito: {
loginWith: {
oauth: {
domain: '{MY_COGNITO_DOMAIN}',
redirectSignIn: ['http://localhost:5173/'],
responseType: 'code',
scopes: ['email', 'openid']
}
},
userPoolClientId: '{MY_USER_POOL_CLIENT_ID}',
userPoolId: '{MY_USER_POOL_ID}'
}
}
});
const signInWithGoogle = () => {
signInWithRedirect({
provider: 'Google'
})
}
When the signInWithGoogle method is invoked in web application, the browser's network tab shows the following requests:
- a GET request to my Cognito User Pool's domain's
/oauth2/authorizeendpoint; this responds with a 302 HTTP status, redirecting tohttps://accounts.google.com/o/oauth2/v2/auth - the GET request to the Google endpoint (above) responds with a 302, redirecting back to my Cognito User Pool domain, this time to the
/oauth2/idpresponseendpoint - the
/oauth2/idpresponseCognito endpoint responds with a 302, redirecting to a/errorpage on the same domain, which responds with a 400 - Bad Request
The Cognito error page that is the terminus of this flow displays the following message:
Missing required parameters
Missing required parameter client_id in request URL.
This is where I am stuck. As far as I understand, Cognito and Google do all the magic of constructing these redirect URLs and, presumably, each should be providing in the request parameters all of the data that the other requires. I don't know what I can change, or where, to get this client_id passed from Google to Cognito.
Upvotes: 1
Views: 187
Answers (0)
Related Questions
- How to create user in user pool using social identity provider?
- AWS Cognito: Best practice to handle same user (with same email address) signing in from different identity providers (Google, Facebook)
- Spring Secutity 5 as an OIDC Identity Provider for AWS Cognito User Pool
- Get identity provider oauth tokens in AWS cognito user pool
- AWS Cognito External User Pool Identity Provider(OIDC)
- aws cognito user pool domain - Invalid_Request
- Authenticating user in AWS Cognito User/Identity Pool with Google as identity provider
- Restrict login to Enterprise Google Domain for AWS Federated Identity Pool