Passing code challenge to Cognito Federated Identiy via Amplify [Okta]
I Integrated Cognito Userpool with Federated Identity [Okta - As Secure Web Authentication]. The flows works fine with Authorization Code Flow without PKCE (Using Amplify with Angular).
Created a similar app as SPA(in Okta), to enable PKCE and integrated with Cognito federated identities. When we redirect to Hosted UI, the challenge is getting passed to hosted UI in the URL.
But after it redirects to okta, it is throwing this error.
pkce code challenge is required when the token endpoint authentication method is 'none'
Is there any additional configuration required in Cognito to pass code-challenge to Okta.
I am using Authorization Code flow in Cognito and Okta.
Attaching the configuration in Okta.
Attaching the configuration in Cognito
There was a mistake in my understanding. Communication between Cognito & Okta is service to service call, which should have been performed as Client Credential Grand Flow. There we don't enable PKCE in Okta.
PKCE is enabled for Client (Web or Mobile App) to Service Authentication.
When we create App Client without client secrete, Amplify enables PKCE in frontend.
- Simple way to put AWS Lambda app behind SAML authentication
- Cognito "Authorizer" element not appearing in RequestContext in a Lambda triggered via API Gateway
- SSO not working in iOS when using AWS Cognito and Azure AD
- AWS Lambda Custom JWT Validation
- Is it possible to filter metrics of AWS Cognito by user group?
- Amplify Gen 2 Users List
- Is this auth flow possible with Amazon Cognito Identity and User Pool
- Why won't Cognito send custom email message templates in the AdminCreateUser case?
- Cognito User migration trigger not firing
- Allowing Cognito non verified users to sign in?
- Cognito sending forget password confirmation to incorrect address
- How to modify expiry time of the access and identity tokens for AWS Cognito User Pools
- How to Implement OTP-Passwordless Login Using Either Email or Phone Number in Amazon Cognito?
- DIfferent Cognito Pool Authorizer by Api Gateway Stages
- Amplify gen 2, amplify-authenticator "There is already a signed in user."
- How to mock AWS Cognito CognitoIdentityServiceProvider with Jest?
- Is it possible to revoke AWS Cognito IdToken?
- Cognito - Client is not enabled for OAuth2.0 flows
- Acessing user identity in AWS Lambda
- Authentication with Lambda and AWS Cognito
- How can I remove empty client_secret from request body for OAuth 2.0 token requests in Postman?
- AWS Cognito Auth JSON request isn't Deserializing with nested classes in Unity
- How to confirm Cognito User after it was created with adminCreateUser command
- Serverless Framework v3 custom-resource-existing-cup function Node16 is deprecated
- AWS Cognito; unauthorized_client error when hitting /oauth2/token
- Integrating Amazon API Gateway with Amazon Cognito for use in a .Net Framework Desktop Application
- Serverless - Adding trigger to Using existing pools fails deployment - CREATE_FAILED: CustomDashresourceDashexistingDashcupLambdaFunction
- Cognito CreateAuthChallenge InvalidLambdaResponseException
- Getting aws cognito token in aws-amplify ui-react
- Prevent users from signing up on their own with federated identity providers (FIP) but allow sign in with a FIP if added by an administrator