Question:
I am playing around with Amazon Cognito and after reading some of the docs and creating a user pool I am running into some issues. I believe that a Cognito user pool can be used with OpenID to redirect the user to a hosted UI for user authentication (without federating out to another provider). I have tried to use the authentication options in DotNetCore 2 to do this, as this is something I have done previously with other providers.
I have the following:
```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    options.ResponseType = "code";
    options.MetadataAddress = $"https://cognito-idp.{authOptions.AwsRegion}.amazonaws.com/{authOptions.PoolId}/.well-known/openid-configuration";
    options.ClientId = authOptions.ClientId;
    options.ClientSecret = authOptions.ClientSecret;
});
```
but every time I try it, it always returns
```json
{"code":"BadRequest","message":"The server did not understand the operation that was requested.","type":"client"}
```
Just wondering if anyone has had any experience with this, please? I have tried to create the user pool in different regions just to make sure that it is not only supported in certain regions, but I always get the same result.
Answer:
I used to have the same problem. I configured my pool and code according to this tutorial. The crucial part was:
Another configuration that may be important is the App integration > Domain name. It allows us to configure what will be the domain of the sign-in and sign-up pages.
After I configured the domain name everything worked fine.
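As an added example (not code from the question, the answer, or AWS), here is the same registration once the hosted UI domain exists, with the callback and sign-out wiring that Cognito also requires. `authOptions` is the asker's settings object; `CognitoDomain` is an assumed extra property holding the App integration > Domain name value.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Added example, not the question's or Cognito's own code. authOptions is the settings
// object from the question; CognitoDomain is an assumed extra property holding the
// App integration > Domain name value, e.g. "https://example.auth.eu-west-1.amazoncognito.com".
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    // The pool's discovery document; the authorization endpoint it advertises is on the
    // hosted UI domain, which is why the Domain name must be configured first.
    options.MetadataAddress =
        $"https://cognito-idp.{authOptions.AwsRegion}.amazonaws.com/{authOptions.PoolId}/.well-known/openid-configuration";
    options.ClientId = authOptions.ClientId;
    options.ClientSecret = authOptions.ClientSecret;
    options.ResponseType = "code"; // authorization code flow: tokens are fetched server-side
    options.SaveTokens = true;     // keep id/access/refresh tokens in the auth cookie
    options.Scope.Clear();
    options.Scope.Add("openid");
    options.Scope.Add("email");
    options.Scope.Add("profile");
    // The default callback is /signin-oidc; its absolute URL must be registered as a
    // callback URL on the Cognito app client, or Cognito rejects the request.

    // Cognito does not advertise an end_session_endpoint, so sign-out is sent to the
    // hosted UI's /logout endpoint explicitly. logout_uri must be registered as a
    // sign-out URL on the app client.
    options.Events = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProviderForSignOut = context =>
        {
            var logoutUri = Uri.EscapeDataString(context.ProtocolMessage.PostLogoutRedirectUri);
            var url = $"{authOptions.CognitoDomain}/logout?client_id={authOptions.ClientId}&logout_uri={logoutUri}";
            context.Response.Redirect(url);
            context.HandleResponse();
            return Task.CompletedTask;
        }
    };
});
```

Registering the exact callback and sign-out URLs on the app client is the other common cause of a rejected request, so check both alongside the domain name.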