Authorize Code Grant didn't work with Invalid_Client exception #206
Comments
Quite astonishingly, I read other forums and came to know recent problems with AWS Cognito. {"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=eyJraWQiOiJWeG9IU...............................
Hi, I am also facing the same error. My understanding: the response state code was 400. From the AWS documentation I identified that the app is not setting client_secret as a part of its request. If I set client_secret in Postman, I am able to get the tokens.
@lakshmisivareddy I have the same problem with
I am also getting invalid_client and don't know why. I have gotten this error immediately after an attempted login, and also just before an attempted login. I think the fact that I got to the hosted signin screen in my first attempt at login is evidence that my client id is valid. After that first attempt, however, I keep getting this error before reaching the signin screen. See below for details.

My app uses the sample code provided in "OAuth and Hosted UI" part of the documentation (but for a lower-level component than App): https://aws-amplify.github.io/docs/js/authentication#oauth-and-federation-overview

I am just doing basic hosted authentication (no federation yet), and I am testing from localhost:3000. Any ideas how to troubleshoot this issue?

Many thanks.
Azad

log messages from my code:
auth response - data.payload: {"event":"signIn_failure","data":{},"message":"The OAuth response flow failed"}
auth response - data.payload: {"event":"cognitoHostedUI_failure","data":{},"message":"A failure occurred when returning to the Cognito Hosted UI"}
auth response - data.payload: {"event":"customState_failure","data":{},"message":"A failure occurred when returning state"}

the error report:
[ERROR] 29:44.206 OAuth - Error handling auth response. Error: invalid_client
console. @ index.js:1375
For those that are using Cognito and PKCE flow for single-page apps, you will need to create a user pool app client without a secret id.
@brady-vitrano Thanks for the tip. I wanted to use AWS Cognito with a manual Amplify Auth configuration in my React front end. I ran into the same issue when using my previously created app client for my authentication pool. Adding a new app client and unchecking the "Generate secret key" checkbox did the trick. I have to say the whole journey has been a bit problematic so far. I first attempted actually configuring Amplify within my React project and creating an authentication pool through the Amplify command line, but that just led to several other issues and bugs on the Amplify command line and being unable to edit certain settings in the pool through the AWS console as well as the command line. I hope the "simple" solution with manual Auth config in the React frontend will finally work.
In agreement here with @birgert. The Amplify CLI is disconnected from state within Amplify Console. A bug is definitely present in editing Cognito pools as well as removing the redirect URIs. Unable to edit on either side and have it appropriately sync. Some things need setup in CLI and others in Console. Given the difficulties I'm having with Amplify Auth, I am resigning and going a different route. I think Amplify may be good for API Gateway, Lambda, DynamoDB and other backend capabilities, but its Auth isn't ready from what I have tested.
Keep getting a similar error. Sometimes it gets resolved by creating totally new credentials in the Google console or setting up an altogether new Cognito pool. Please rectify, as this issue is a blocker for us.
I tried the same steps advised by "yuntuowang" "on Dec 8, 2017" as below with AWS inherent ID provision and Fed identity with Facebook and Google. All failed with {"error":"invalid_client"} exception.
Create an app client without client secret in Cognito User Pool, enable Google as an identity provider, and enable code grant flow.
Go to the hosted UI (/oauth2/authorize?response_type=code&client_id=********&redirect_uri=https://www.amazon.com), and click "log in with Google". I get redirected to the amazon website. In the callback URL, I get the code.
Go to Postman. [***** This part I fired with CURL on the Windows command prompt; the full command is below.]
CURL -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&client_id=&code=&redirect_uri=" https://.auth.us-east-1.amazoncognito.com/oauth2/token
Make a POST request. URL is: /oauth2/token
Header:
[{"key":"Content-Type","value":"application/x-www-form-urlencoded"}]
Body: remember to select x-www-form-urlencoded, and put the following:
[{"key":"grant_type","value":"authorization_code"},{"key":"client_id","value":""},{"key":"redirect_uri","value":"https://www.amazon.com"},{"key":"code","value":""}]
Then click send request; you will get id_token, access_token and refresh_token.
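The thread's two working configurations (an app client with a secret that the request sends, and a secret-less app client for a browser app using PKCE) can be checked before the token request goes out. The following is an added example, not code from the thread or from Amplify; `buildTokenRequest`, `checkClientAuth`, the domain and all ids are hypothetical placeholders, and the secret is sent as HTTP Basic credentials.

```javascript
// Added example; every value passed in below is a constructed placeholder.

// Build the POST /oauth2/token request that exchanges an authorization code.
// clientSecret: only when the app client was created with a secret.
// codeVerifier: only when the /oauth2/authorize request used PKCE.
function buildTokenRequest({ domain, clientId, clientSecret, code, redirectUri, codeVerifier }) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    code,
    redirect_uri: redirectUri, // same value that was sent to /oauth2/authorize
  });
  if (codeVerifier) body.set('code_verifier', codeVerifier);
  if (clientSecret) {
    // Confidential client: HTTP Basic credentials built from client_id:client_secret.
    const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
    headers.Authorization = `Basic ${basic}`;
  }
  return { url: `https://${domain}/oauth2/token`, headers, body: body.toString() };
}

// Compare a built request with the app client's configuration and list
// the mismatches to fix before sending it.
function checkClientAuth(request, { appClientHasSecret, runsInBrowser }) {
  const problems = [];
  const sendsSecret = (request.headers.Authorization || '').startsWith('Basic ');
  if (!new URLSearchParams(request.body).get('client_id')) {
    problems.push('client_id is empty');
  }
  if (appClientHasSecret && !sendsSecret) {
    problems.push('app client has a secret, but the request does not send it');
  }
  if (appClientHasSecret && runsInBrowser) {
    problems.push('browser code cannot keep a secret; create an app client without one');
  }
  return problems;
}

// Single-page app using PKCE against an app client that was created with a secret.
const spaRequest = buildTokenRequest({
  domain: 'example.auth.us-east-1.amazoncognito.com',
  clientId: 'EXAMPLE_CLIENT_ID',
  code: 'EXAMPLE_CODE',
  redirectUri: 'http://localhost:3000/',
  codeVerifier: 'EXAMPLE_CODE_VERIFIER',
});
console.log(checkClientAuth(spaRequest, { appClientHasSecret: true, runsInBrowser: true }));
```
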