4

I am trying to set up account linking between a FB Messenger bot and AWS Cognito user pool using OAuth.

I have used Messenger account linking button template and pointed it to my Cognito domain login endpoint. Then set the callback URL in Cognito app client as https://facebook.com/messenger_platform/account_linking/ since that is what Messenger sends.

I keep getting a "redirect_mismatch" error from Cognito. I have observed that the redirect URI appended by Messenger while login has a query string parameter called "account_linking_token". Does that have something to do with it? Since the account_linking_token is dynamic and changes with every request.

What am I doing wrong here?

Newbie
  • 43
  • 1
  • 3

1 Answers1

1

You are getting this error because the Redirect URI in Cognito isn't 1:1 with the URI that you are obtaining with the dynamic query string parameter. Currently, Cognito does not support Regex or pattern-based strings in the Callback/Redirect URI.

If you do not have a Callback URI that is rock-solid and isn't prone to change, you would not be able to achieve your functionality with Amazon Cognito.

Hence, you would get the "redirect_mismatch" error that you are seeing, and there is no Cognito quirk that can avert this.

Arka Mukherjee
  • 2,083
  • 1
  • 13
  • 27
  • Thanks! Do you happen to know any OAuth-compatible server that supports dynamic query string parameter for callback URL? – Newbie Oct 14 '19 at 07:29
  • Thanks for acknowledging my answer. Unfortunately, most of my OAuth knowledge is currently limited to leveraging it on Cognito, so I am not aware of any providers. I did some quick Google searches on my end, and I was unable to get servers satisfying your use-case. – Arka Mukherjee Oct 15 '19 at 10:36