Closed engharb closed 5 years ago
Also, from time to time I used to get: error_description=Client+is+not+enabled+for+OAuth2.0+flows+&error=invalid_request ??
Same issue for me...
@AdrienFery Regarding
Invalid+user+attributes%3A+email%3A+Attribute+cannot+be+updated
You have to remove Email attr. from the required attributes in your User-Pool and set it as mutable=true (I used to do that in Terraform or AWS CLI).
And considering
error_description=Client+is+not+enabled+for+OAuth2.0+flows+&error=invalid_request
I configured that in terraform as:
    resource "aws_cognito_user_pool_client" "myapp" {
      # ...
      # Enable OAuth 2.0 flows for this app client
      allowed_oauth_flows_user_pool_client = true
      # ...
    }
@engharb Hi, could we re-open this, as this seems to be a common issue? And the solution "recreating the pool" isn't ideal. The root of the issue is that once you create the pool with "email" as required, Cognito will mark it as mandatory, and also immutable. So the second time you log in with SAML or social login, it will fail because Cognito will try to update all the mapped attributes, but email isn't mutable. What's worse is that you cannot change the mutability of "email" unless you recreate the pool.
Please advise if there is a better option other than recreating the pool. This isn't an option if you have a production pool which already has a lot of users.
@engharb Also, it would be helpful if the Cognito team could advise whether fixing this is on their roadmap or not.
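Added example, not part of any comment in this thread: a small Python check for the two conditions discussed above (a mapped attribute that is immutable in the pool schema, and an app client without OAuth flows enabled). It assumes input shaped like the JSON from `aws cognito-idp describe-user-pool`, `describe-identity-provider` and `describe-user-pool-client`; the sample data and function names are constructed for illustration.

```python
# Constructed sample data, shaped like the JSON returned by the AWS CLI commands
# describe-user-pool, describe-identity-provider and describe-user-pool-client.
POOL = {"UserPool": {"SchemaAttributes": [
    {"Name": "sub", "Mutable": False, "Required": True},
    {"Name": "email", "Mutable": False, "Required": True},
    {"Name": "name", "Mutable": True, "Required": False},
]}}
IDPS = [
    {"IdentityProvider": {"ProviderName": "Facebook",
                          "AttributeMapping": {"username": "id", "email": "email"}}},
    {"IdentityProvider": {"ProviderName": "Google",
                          "AttributeMapping": {"username": "sub", "name": "name"}}},
]
CLIENT = {"UserPoolClient": {"ClientName": "myapp"}}  # OAuth flag absent


def immutable_mapped_attributes(pool, idps):
    """Return (provider, pool_attribute, idp_attribute) for every mapping whose
    target attribute is immutable. Per the thread, Cognito tries to update the
    mapped attributes on each federated sign-in, so these fail the second login."""
    schema = {a["Name"]: a for a in pool["UserPool"]["SchemaAttributes"]}
    findings = []
    for idp in idps:
        provider = idp["IdentityProvider"]
        mapping = provider.get("AttributeMapping", {})
        for pool_attr in sorted(mapping):
            attr = schema.get(pool_attr)  # "username" is not a schema attribute
            if attr is not None and attr.get("Mutable") is False:
                findings.append((provider["ProviderName"], pool_attr, mapping[pool_attr]))
    return findings


def oauth_flows_disabled(client):
    """True when the app client is not enabled for OAuth 2.0 flows."""
    return not client["UserPoolClient"].get("AllowedOAuthFlowsUserPoolClient", False)


if __name__ == "__main__":
    for provider, pool_attr, idp_attr in immutable_mapped_attributes(POOL, IDPS):
        print(f"{provider}: '{idp_attr}' maps to immutable pool attribute '{pool_attr}'")
    if oauth_flows_disabled(CLIENT):
        print("app client: AllowedOAuthFlowsUserPoolClient is not true")
```

Running it against a pool before enabling a new identity provider shows whether any attribute in the mapping would be rejected on update.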
Hello all, @yuntuowang
I have created a new User-pool and enabled the FB and Google providers to be able to log in. I can sign in by calling https:///login?response_type=code&client_id=&redirect_uri=https://www.example.com
For the second time, when I try again to sign in using the same FB account, I used to get
I mapped the email in mapping attributes, and I set the email as required and then as non-required, and I have the same issue. It is annoying and I could not solve that.
Can anyone help me with what I should do?
I think this is related to https://github.com/aws/amazon-cognito-auth-js/issues/48
Thanks