Tags: amazon-web-services, amazon-cognito, login-with-amazon

AWS Cognito for Login with Amazon causing NotAuthorizedException


Trying to figure out what am I doing wrong here.

LWA (Login with Amazon) works fine. I get the access token back and immediately set the Logins param:

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                  IdentityPoolId: 'us-east-1:2a...',
                  Logins: {
                      'www.amazon.com': access_token
                  }
              });

Next, when I make a call to get the login details via:

AWS.config.credentials.get(function (err, data) {
              // data is undefined when err is set
              console.log(data);
              console.log(err);
            });

It calls POST https://cognito-identity.us-east-1.amazonaws.com/ and passes the following data: {"IdentityPoolId":"us-east-1:2a...","Logins":{"www.amazon.com":"Atza%7C..."}}

Unfortunately, the response to that call is always a 400 with x-amzn-ErrorMessage: Invalid login token and x-amzn-ErrorType: NotAuthorizedException.

I have created a Federated Identity Pool in Cognito and specified the Security Profile ID (LWA) as the Amazon App ID. The Cognito identity creation wizard also created the necessary IAM roles for both Auth and Unauth, which seem to have the appropriate policies set. Unauthenticated identities are enabled.

I am truly lost here. I just need to get LWA-based authentication on my web app so that I can protect resources when I make REST calls to API Gateway. Also, I am not using the AWS SDK for anything besides Cognito.


Solution

  • Your code looks fine. This error could be thrown in two cases:

    1. The access token the service gets is expired.
    2. The access token is coming from a different LWA app than the one configured in your identity pool.

    Can you confirm that neither of these scenarios is the cause?
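Added example (not code from the question or the answer above): a client-side pre-flight for the two failure modes the answer names, so a bad token is rejected with a readable reason instead of surfacing as a bare NotAuthorizedException from Cognito. It also decodes a percent-encoded token, since the request body in the question shows the token as "Atza%7C..." while LWA access tokens begin with "Atza|"; whether that encoding is the cause here is not established on this page, so treat the decode as a precaution. The security profile client id, the constructed tokeninfo responses, and the helper names are assumptions, not values from the post. Amazon's token info endpoint (GET https://api.amazon.com/auth/o2/tokeninfo?access_token=<token>) does exist and returns the token's "aud", "iss", "exp", "user_id" fields; the offline checks below run against a constructed copy of such a response.

```javascript
// Added example, not code from the original question or answer. Hypothetical
// values: the LWA security profile client id, the constructed tokeninfo
// responses, and the helper names below are illustrative only.

// Client id (security profile) that the Cognito identity pool was configured
// with. Assumption: replace with your own.
const EXPECTED_LWA_CLIENT_ID = 'amzn1.application-oa2-client.0000example';

// LWA access tokens start with "Atza|". A token that has been percent-encoded
// somewhere along the way shows up as "Atza%7C..."; decode it so the raw
// token is what reaches Cognito's Logins map.
function normalizeLwaToken(token) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('missing LWA access token');
  }
  const decoded = /%[0-9A-Fa-f]{2}/.test(token) ? decodeURIComponent(token) : token;
  if (!decoded.startsWith('Atza|')) {
    throw new Error('not an LWA access token (expected "Atza|" prefix)');
  }
  return decoded;
}

// Check a parsed response from Amazon's token info endpoint against the two
// causes the answer names: an expired token, and a token issued to a
// different LWA app than the one the identity pool is configured with.
// "exp" is the number of seconds until expiry in Amazon's documented example
// (e.g. 3597); an absolute epoch timestamp is also accepted (assumption: any
// value above 1e9 is treated as absolute). Returns a list of problems, empty if OK.
function checkTokenInfo(info, expectedClientId, nowSeconds) {
  const problems = [];
  if (info.iss !== 'https://www.amazon.com') {
    problems.push('unexpected issuer: ' + info.iss);
  }
  if (info.aud !== expectedClientId) {
    problems.push('token issued to client ' + info.aud +
      ', not the security profile configured in the identity pool (' + expectedClientId + ')');
  }
  const exp = Number(info.exp);
  const remaining = exp > 1e9 ? exp - nowSeconds : exp;
  if (!Number.isFinite(remaining) || remaining <= 0) {
    problems.push('token expired');
  }
  return problems;
}

// Build the Logins map for AWS.CognitoIdentityCredentials only after the
// token passes both checks. Throws with the reasons otherwise, so the
// failure is visible client-side rather than as a 400 from Cognito.
function buildCognitoLogins(rawToken, tokenInfo, nowSeconds) {
  const token = normalizeLwaToken(rawToken);
  const problems = checkTokenInfo(tokenInfo, EXPECTED_LWA_CLIENT_ID, nowSeconds);
  if (problems.length > 0) {
    throw new Error('LWA token rejected: ' + problems.join('; '));
  }
  return { 'www.amazon.com': token };
}

// Network helper (not exercised offline): fetch the token info for a token.
// Requires a runtime with a global fetch (browser, or Node 18+).
async function fetchTokenInfo(token) {
  const url = 'https://api.amazon.com/auth/o2/tokeninfo?access_token=' +
    encodeURIComponent(token);
  const res = await fetch(url);
  if (!res.ok) throw new Error('tokeninfo request failed: HTTP ' + res.status);
  return res.json();
}

// Constructed sample response shaped like Amazon's documented tokeninfo output.
const SAMPLE_TOKENINFO = {
  aud: EXPECTED_LWA_CLIENT_ID,
  user_id: 'amzn1.account.AAAAEXAMPLE',
  iss: 'https://www.amazon.com',
  exp: 3597,
  app_id: 'amzn1.application.0000example',
  iat: 1700000000
};

// Usage (the returned object is what goes into the Logins parameter):
//   const logins = buildCognitoLogins('Atza%7Cexample', SAMPLE_TOKENINFO, 1700000000);
//   AWS.config.credentials = new AWS.CognitoIdentityCredentials({
//     IdentityPoolId: 'us-east-1:2a...',
//     Logins: logins
//   });
```

In a real app you would call fetchTokenInfo(token) right after the LWA callback and pass its result to buildCognitoLogins; if "aud" does not match the security profile you entered in the identity pool, that is the answer's second case, and if "exp" has run out, it is the first.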