The AWS Cognito doc says developers must add the Amazon Cognito User Pool domain URL https://your-user-pool-domain/oauth2/idpresponse to the Google app's Authorized redirect URIs. Is it possible to modify the redirect URL provided by Cognito when signing in with Google so that the callback comes directly to the application instead of to AWS Cognito?

For example: I can add a valid redirect URL such as "https://myapp/callback/" in the Google app. When signing in with Google using the AWS Cognito hosted page, AWS Cognito supplies the redirect URL as "https://myapp/callback/" instead of https://your-user-pool-domain/oauth2/idpresponse.

Praveen

1 Answer

No, you have to use the Amazon Cognito User Pool domain URL. That's the only supported method if you are using Cognito. Otherwise Cognito wouldn't know anything about your external identity.

F_SO_K

The Cognito federated authentication flow (https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html) clearly says the app should handle the login with the external provider, and post login the app should send the access_token/id_token to Cognito (https://aws.amazon.com/blogs/developer/authentication-in-the-browser-with-amazon-cognito-and-public-identity-providers/ - read step 4). To enable this flow, the callback must come to the application so that the app can send the id_token (for Google) and access_token (for Facebook) to Cognito. Shouldn't this flow be uniform across all platforms? – Praveen Jan 10 '18 at 19:05
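
The two redirect URIs discussed in this thread, as an added example that is not part of the original question or answer: the application's callback is passed to the user pool's `/oauth2/authorize` endpoint, while the `/oauth2/idpresponse` URL is what belongs in the Google app's Authorized redirect URIs. The client ID and state are constructed placeholders, the domain and callback are the ones used in the question, and `audit_google_redirect_uris` is a hypothetical helper.

```python
from urllib.parse import urlencode, urlsplit


def idp_response_uri(user_pool_domain):
    """Redirect URI Cognito presents to Google; register this one in the Google app."""
    return f"https://{user_pool_domain}/oauth2/idpresponse"


def hosted_ui_authorize_url(user_pool_domain, client_id, app_callback, state):
    """URL the application sends the browser to. redirect_uri here is the
    application's own callback, allow-listed on the Cognito app client."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": app_callback,      # Cognito -> application hop
        "identity_provider": "Google",     # skip the provider chooser
        "scope": "openid email",
        "state": state,                    # echoed back; compare on return
    })
    return f"https://{user_pool_domain}/oauth2/authorize?{query}"


def audit_google_redirect_uris(registered, user_pool_domain, app_callback):
    """Return findings for a Google OAuth client's Authorized redirect URIs
    when the client is used only through the Cognito hosted page."""
    findings = []
    required = idp_response_uri(user_pool_domain)
    if required not in registered:
        findings.append(f"missing: {required}")
    for uri in registered:
        if urlsplit(uri).scheme != "https":
            findings.append(f"not https: {uri}")
        if uri == app_callback:
            findings.append(f"not needed for hosted UI sign-in: {uri}")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the domain and callback come from the question.
    domain, callback = "your-user-pool-domain", "https://myapp/callback/"
    print(hosted_ui_authorize_url(domain, "example-client-id", callback, "s3"))
    for finding in audit_google_redirect_uris([callback], domain, callback):
        print(finding)
```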