AWS Cognito fails with redirect_mismatch

Hi all -

I believe I have everything configured properly to use AWS Cognito on an EC2 machine running Ubuntu. I have a working ShinyProxy installation, so the only issue is getting OpenID to work. This is my current config file:

  openid:
    auth-url: https://shinyproxy.auth.us-east-2.amazoncognito.com/oauth2/author$
    token-url: https://shinyproxy.auth.us-east-2.amazoncognito.com/oauth2/token
    jwks-url: https://cognito-idp.us-east-2.amazonaws.com/us-east-2_Uphts82FW/.$
    client-id: ***
    client-secret: ***

My callback URL is:

https://report.princetontradestudy.org/login/oauth2/code/shinyproxy

I have a load balancer running that is redirecting traffic on port 80 to port 8080. AWS Cognito will only accept HTTPS callback URLs, so I don’t know if that’s the problem. When I manually run the AWS login command using this URL:


https://shinyproxy.auth.us-east-2.amazoncognito.com/login?response_type=code&client_id=6m7cnh72b09h2cqq8032ldl38l&redirect_uri=https://report.princetontradestudy.org:8080/login/oauth2/code/shinyproxy

I get the following response when I try to log in:

image

Any help much appreciated!

Woo I figured it out! This error was caused by an incorrect SSL certificate. I had one set up for the root domain but not a subdomain that was mapped to the app/load balancer.


I am having a similar issue to yours, but I notice that my redirect URI doesn't have https prepended to the URL. I notice my redirect response comes back as this:

https://thebisonplatform.auth.us-east-1.amazoncognito.com/oauth2/authorize?response_type=code&client_id=&scope=openid%20email&state=9%3D&redirect_uri=http://www.thebisonplatform.com/login/oauth2/code/shinyproxy&nonce=

where it is http://www.thebisonplatform.com/login/oauth2/code/shinyproxy as opposed to https://www.thebisonplatform.com/login/oauth2/code/shinyproxy

I have an SSL certificate listening on my load balancer listener. Do you have any suggestions of where in my configuration this would be set as http versus https? In my Cognito callback URL I have the https added to it.
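
An added example, not part of the thread and not ShinyProxy or AWS code: a small check that pulls the `redirect_uri` out of a login/authorize URL and reports which component differs from the registered callback URL, assuming the provider requires an exact string match. The function names are hypothetical; the URLs are the ones quoted in the posts above, with `client_id` replaced by a placeholder and unrelated parameters dropped.

```python
from urllib.parse import urlsplit, parse_qs

def sent_redirect_uri(authorize_url):
    """Return the redirect_uri parameter of a login/authorize URL, or None."""
    params = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)
    return params.get("redirect_uri", [None])[0]

def diff_components(sent, registered):
    """Name each URL component in which `sent` differs from `registered`."""
    a, b = urlsplit(sent), urlsplit(registered)
    diffs = []
    for name in ("scheme", "hostname", "port", "path"):
        x, y = getattr(a, name), getattr(b, name)
        if x != y:
            diffs.append(f"{name}: sent {x!r}, registered {y!r}")
    if not diffs and sent != registered:
        diffs.append("other: query, fragment, case or encoding differs")
    return diffs

def check(authorize_url, registered_callbacks):
    """Compare the redirect_uri in the request with the registered callbacks."""
    sent = sent_redirect_uri(authorize_url)
    if sent is None:
        return {"sent": None, "match": False, "diffs": ["redirect_uri missing"]}
    if sent in registered_callbacks:  # assumed rule: exact string match
        return {"sent": sent, "match": True, "diffs": []}
    # Report against the registered callback with the fewest differences.
    closest = min(registered_callbacks,
                  key=lambda r: len(diff_components(sent, r)))
    return {"sent": sent, "match": False, "closest": closest,
            "diffs": diff_components(sent, closest)}

# URLs from the posts above; client_id is a placeholder.
FIRST_REQUEST = ("https://shinyproxy.auth.us-east-2.amazoncognito.com/login"
                 "?response_type=code&client_id=EXAMPLE&redirect_uri="
                 "https://report.princetontradestudy.org:8080/login/oauth2/code/shinyproxy")
FIRST_CALLBACK = "https://report.princetontradestudy.org/login/oauth2/code/shinyproxy"
SECOND_REQUEST = ("https://thebisonplatform.auth.us-east-1.amazoncognito.com/oauth2/authorize"
                  "?response_type=code&client_id=&scope=openid%20email&redirect_uri="
                  "http://www.thebisonplatform.com/login/oauth2/code/shinyproxy&nonce=")
SECOND_CALLBACK = "https://www.thebisonplatform.com/login/oauth2/code/shinyproxy"

if __name__ == "__main__":
    print(check(FIRST_REQUEST, [FIRST_CALLBACK])["diffs"])
    print(check(SECOND_REQUEST, [SECOND_CALLBACK])["diffs"])
```

The first request differs from its callback in the port (`:8080`), the second in the scheme (`http` instead of `https`).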