I've successfully set up an AWS Cognito environment that runs on Localhost following this tutorial.
For the next step, I published the app to my external web server. I confirmed that the Cognito configuration (i.e. Client ID, Metadata Address, Region, etc.) is correct. However, when I access and try to sign into the newly published public site I receive the following error: "Client is not enabled for OAuth2.0 flows."
EDIT:
Here are my App Client Settings
I would like help with what I should look into in the AWS Cognito config or the Server config settings. The server is NOT using a load balancer. I believe the issue may lie somewhere in the Reverse Proxy or HTTPS settings.
I have seen this issue before. When making the request to Cognito, please take a close look at the redirect URL / callback URL you are specifying. If I remember correctly, I have seen this issue if you have a trailing '/' or a missing '/' in the redirect URL, depending on what you have specified in the App Client Settings.
TLDR: In addition to previous answers, make sure your callback URL is in lower case.
Long Answer: I encountered the same error. In my case, I had copied the DNS name of my Application Load Balancer from the description window of the Load Balancer page, where there was varied casing.
So I put the below into the callback URL and encountered the error in question:
https://*AppLBTest*-123456123456.ap-southeast-1.elb.amazonaws.com/oauth2/idpresponse
After changing the callback URL to the below, auth worked as expected:
https://*applbtest*-123456123456.ap-southeast-1.elb.amazonaws.com/oauth2/idpresponse
This also occurs when you set up Cognito using CloudFormation or AWS SAM and forgot to set the AllowedOAuthFlowsUserPoolClient property to true.
```yaml
Resources:
  FooBarUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      # Without this the client is rejected with "Client is not enabled for OAuth2.0 flows".
      # It only takes effect together with AllowedOAuthFlows, AllowedOAuthScopes and CallbackURLs.
      AllowedOAuthFlowsUserPoolClient: True # Set here
```
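Pulling the three answers together as an added example (this is not code from the question or from any of the answers): a small offline pre-flight check that reproduces the failure modes they describe. It runs against a hand-constructed dict in the shape of the `UserPoolClient` object returned by `aws cognito-idp describe-user-pool-client` (the field names are the Cognito API's; the IDs, host and values are made up), flags a client whose `AllowedOAuthFlowsUserPoolClient` is false, and explains why a `redirect_uri` that differs from the registered callback only by letter case or a trailing slash will not match, since Cognito compares callback URLs exactly. Paste the real JSON from the CLI into `SAMPLE_CLIENT` to check a live client.

```python
"""Offline pre-flight check for a Cognito app client's OAuth2 settings.

Added example, not part of the original question or answers. SAMPLE_CLIENT is a
constructed stand-in for the `UserPoolClient` object that
`aws cognito-idp describe-user-pool-client` returns (assumed shape, field names
from the Cognito API; all values are invented).
"""
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed sample of a misconfigured client (the CloudFormation/SAM case above).
SAMPLE_CLIENT: Dict = {
    "ClientId": "1h57kf5cpq17m0eml12EXAMPLE",
    "ClientName": "web-app",
    "UserPoolId": "ap-southeast-1_EXAMPLE",
    "AllowedOAuthFlowsUserPoolClient": False,   # the property the last answer points at
    "AllowedOAuthFlows": ["code"],
    "AllowedOAuthScopes": ["openid", "email"],
    "CallbackURLs": [
        "https://applbtest-123456123456.ap-southeast-1.elb.amazonaws.com/oauth2/idpresponse",
    ],
    "SupportedIdentityProviders": ["COGNITO"],
}


def scheme_allowed(url: str) -> bool:
    """Cognito accepts https:// and custom app schemes, and plain http:// only for localhost."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        return parts.hostname == "localhost"
    return bool(parts.scheme)


def explain_mismatch(registered: str, requested: str) -> str:
    """Describe why a registered callback and a requested redirect_uri fail an exact comparison."""
    if registered == requested:
        return "identical"
    if registered.lower() == requested.lower():
        return "case differs (Cognito compares callback URLs exactly)"
    if registered.rstrip("/") == requested.rstrip("/"):
        return "trailing slash differs"
    r, q = urlsplit(registered), urlsplit(requested)
    if (r.scheme, r.netloc) != (q.scheme, q.netloc):
        return "scheme or host differs"
    return "path or query differs"


def check_client(client: Dict, redirect_uri: str) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means the client should accept redirect_uri."""
    findings: List[Tuple[str, str]] = []
    if not client.get("AllowedOAuthFlowsUserPoolClient"):
        findings.append(("oauth_flows_disabled",
                         "AllowedOAuthFlowsUserPoolClient is false: the hosted UI and OAuth2 "
                         "endpoints answer 'Client is not enabled for OAuth2.0 flows'"))
    for prop in ("AllowedOAuthFlows", "AllowedOAuthScopes", "SupportedIdentityProviders"):
        if not client.get(prop):
            findings.append(("missing_" + prop, prop + " is empty"))
    callbacks = client.get("CallbackURLs", [])
    for cb in callbacks:
        if not scheme_allowed(cb):
            findings.append(("bad_callback_scheme", cb + ": only https or http://localhost is accepted"))
    if redirect_uri not in callbacks:
        # Report the closest registered URL so the fix (lower-case it, add/drop the slash) is obvious.
        hints = "; ".join(cb + " -> " + explain_mismatch(cb, redirect_uri) for cb in callbacks) or "no callbacks registered"
        findings.append(("redirect_uri_not_registered", redirect_uri + " is not an exact match: " + hints))
    return findings


if __name__ == "__main__":
    # The mixed-case ALB hostname from the second answer, sent by the app as redirect_uri.
    requested = "https://AppLBTest-123456123456.ap-southeast-1.elb.amazonaws.com/oauth2/idpresponse"
    for code, message in check_client(SAMPLE_CLIENT, requested):
        print(code, "-", message)
```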