
I've deployed a simple Flask app on ECR > ECS > Fargate. The app is loaded by an Application Load Balancer and Cognito is used for authentication.

My callback URL is https://ApplicationLoadBalancer's DNS/oauth2/idpresponse

If I try https://ApplicationLoadBalancer's DNS everything works, the sign-in page pops up and I'm able to log in without any issues.

But if I try to use https://.auth.us-east-1.amazoncognito.com as set under Domain Name in Cognito I simply get a blank page. If I go further and try https://.auth.us-east-1.amazoncognito.com/login I get 'Required String parameter 'client_id' is not present'

Any help is greatly appreciated.

Thank you!

samvso
  • Seems like you are misunderstanding the domain from Cognito and your application domain URL. The Cognito domain is the public URL for your interaction with Cognito to perform authentication and authorization. It's not the one for your application. – sayboras Oct 09 '19 at 05:53
  • Thank you for the reply! That makes a lot of sense!! Would you happen to know how I can set a custom URL for my web app that is behind the Application Load Balancer and still have Cognito's authentication? Right now I'm using the ALB's DNS but then the SSL certificate doesn't work. – samvso Oct 09 '19 at 11:39
  • If you already have a domain, you can set it up with Route 53, and then create an alias entry pointing to your ALB; the cert can be done with ACM (you might need to approve the cert manually). If you don't have any domain, just the ALB public URL should work. – sayboras Oct 09 '19 at 11:48
  • Thanks for the help! I really appreciate it!! I did try Route 53 already; I tried to point to the DNS but I never see the login modal page and I get error=redirect_mismatch in the browser. One other thing, what's the point of setting up a domain name on Cognito if you can access it directly from the browser? Thanks so much!!! – samvso Oct 09 '19 at 12:34
  • This guy has a very similar issue to mine: https://forums.aws.amazon.com/post!post.jspa?forumID=173&threadID=293862&messageID=878127&reply=true – samvso Oct 09 '19 at 12:45
  • Did you try to cross-check the callback URL for your client in Cognito and Route 53? – sayboras Oct 10 '19 at 01:29
  • Could you please elaborate? I don't really follow. – samvso Oct 10 '19 at 11:20
  • I would recommend you read the official docs for Cognito to understand the flow, and specifically the callback URL. – sayboras Nov 05 '19 at 09:45

1 Answer

So I finally got an answer for this.

Instead of using the ALB's DNS name in the callback, it's easier to use Route 53 to alias your custom domain to the ALB, then use the custom domain in Cognito's callback URL.
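The redirect_mismatch seen in the comments comes from the three pieces of this setup disagreeing with each other: the Route 53 alias, the host users actually browse to, and the callback URL registered on the Cognito app client. The ALB builds redirect_uri as https://&lt;Host header&gt;/oauth2/idpresponse, and Cognito only accepts it if that exact string is in the app client's callback list. The script below is an added example (not code from the post or from AWS) that checks those three pieces for consistency offline; the hostnames, the Route 53 record and the two callback lists are constructed placeholders shaped like boto3 responses, so the same checks could be run against real describe calls.

```python
"""Offline consistency check for an ALB + Cognito login chain.

Added example, not code from the original post. The record and client data
below are hand-constructed to mimic the shape of boto3 responses
(route53 list_resource_record_sets, cognito-idp describe_user_pool_client);
every hostname is a placeholder.
"""
from urllib.parse import urlparse

# Path the ALB's authenticate-cognito action serves the IdP response on.
ALB_CALLBACK_PATH = "/oauth2/idpresponse"

# Constructed placeholders for the scenario in the question.
CUSTOM_DOMAIN = "app.example.com"
ALB_DNS = "my-alb-123456.us-east-1.elb.amazonaws.com"

# Constructed Route 53 alias record: custom domain -> ALB.
RECORDS = [
    {
        "Name": "app.example.com.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "ZPLACEHOLDER",
            "DNSName": "my-alb-123456.us-east-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": False,
        },
    }
]

# App client callback lists: the one from the question (ALB DNS) and the fix.
BAD_CALLBACKS = [f"https://{ALB_DNS}{ALB_CALLBACK_PATH}"]
GOOD_CALLBACKS = [f"https://{CUSTOM_DOMAIN}{ALB_CALLBACK_PATH}"]


def expected_callback_url(browse_host: str) -> str:
    """The ALB builds redirect_uri from the Host header of the request it
    intercepted, so Cognito must know https://<host>/oauth2/idpresponse."""
    return f"https://{browse_host}{ALB_CALLBACK_PATH}"


def route53_alias_target(records, custom_domain):
    """Return the DNS name the custom domain aliases to, or None if no alias exists."""
    for rec in records:
        if rec["Name"].rstrip(".") != custom_domain or rec["Type"] != "A":
            continue
        alias = rec.get("AliasTarget")
        if alias:
            return alias["DNSName"].rstrip(".").lower()
    return None


def check_setup(custom_domain, alb_dns, client_callbacks, records):
    """Return a list of problems; an empty list means the chain is consistent."""
    problems = []

    target = route53_alias_target(records, custom_domain)
    if target is None:
        problems.append(f"no Route 53 alias record for {custom_domain}")
    elif target != alb_dns.lower():
        problems.append(f"{custom_domain} aliases to {target}, not to {alb_dns}")

    # Cognito matches redirect_uri against the registered list as an exact string.
    want = expected_callback_url(custom_domain)
    if want not in client_callbacks:
        problems.append(
            f"app client lacks {want}; logging in via {custom_domain} gives redirect_mismatch"
        )

    for url in client_callbacks:
        parts = urlparse(url)
        if parts.scheme != "https":
            problems.append(f"{url}: callback must use https")
        if parts.path != ALB_CALLBACK_PATH:
            problems.append(f"{url}: path must be {ALB_CALLBACK_PATH}")
        if parts.hostname == alb_dns.lower():
            # The raw *.elb.amazonaws.com name cannot carry your own ACM certificate,
            # so a callback on it only works while users browse by that name.
            problems.append(f"{url}: works only when browsing by ALB DNS, which has no matching certificate")

    return problems


if __name__ == "__main__":
    for label, cbs in (("as in question", BAD_CALLBACKS), ("after fix", GOOD_CALLBACKS)):
        print(label, check_setup(CUSTOM_DOMAIN, ALB_DNS, cbs, RECORDS) or "OK")
```

Running it reports two problems for the question's configuration (the custom-domain callback is missing and the only registered one is the bare ALB name) and none once the app client lists https://app.example.com/oauth2/idpresponse. Note that the comparison is deliberately exact: a trailing slash or an http:// scheme in the registered callback is enough for Cognito to reject the redirect.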

samvso