aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

Federated sign in with google only works for first-time or manually signed out users. #11645

Closed cezarcarvalhaes closed 1 year ago

cezarcarvalhaes commented 1 year ago

JavaScript Framework

Next.js

Amplify APIs

Authentication

Amplify Categories

auth

Environment information

```
# Put output below this line

  System:
    OS: macOS 13.2.1
    CPU: (8) arm64 Apple M1
    Memory: 72.94 MB / 16.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 16.19.0 - ~/.nvm/versions/node/v16.19.0/bin/node
    Yarn: 1.22.19 - ~/.nvm/versions/node/v16.19.0/bin/yarn
    npm: 8.19.3 - ~/.nvm/versions/node/v16.19.0/bin/npm
  Browsers:
    Chrome: 114.0.5735.198
    Safari: 16.3
  npmPackages:
    @ampproject/toolbox-optimizer: undefined ()
    @aws-amplify/auth: ^5.5.3 => 5.5.3 (5.5.4)
    @babel/core: undefined ()
    @babel/runtime: 7.15.4
    @buddy-technology/buddy_helpers: ^2.2.2 => 2.2.2
    @chakra-ui/anatomy: ^2.1.1 => 2.1.1 (2.1.2)
    @chakra-ui/react: 2.5.5 => 2.5.5
    @edge-runtime/cookies: 3.0.4
    @edge-runtime/primitives: 2.0.5
    @emotion/react: ^11 => 11.10.6
    @emotion/styled: ^11 => 11.10.6
    @hapi/accept: undefined ()
    @napi-rs/triples: undefined ()
    @next/font: undefined ()
    @next/react-dev-overlay: undefined ()
    @opentelemetry/api: undefined ()
    @segment/ajv-human-errors: undefined ()
    @types/node: 18.11.15 => 18.11.15 (20.4.2)
    @types/react: 18.0.26 => 18.0.26 (18.0.33)
    @types/react-dom: 18.0.9 => 18.0.9
    @types/react-input-mask: ^3.0.2 => 3.0.2
    @typescript-eslint/eslint-plugin: ^5.57.1 => 5.57.1
    @typescript-eslint/parser: ^5.57.1 => 5.57.1
    @vercel/nft: undefined ()
    @vercel/og: undefined ()
    acorn: undefined ()
    amazon-cognito-identity-js: ^6.2.0 => 6.2.0 (6.3.1)
    amazon-cognito-identity-js/internals: undefined ()
    amphtml-validator: undefined ()
    anser: undefined ()
    arg: undefined ()
    assert: undefined ()
    async-retry: undefined ()
    async-sema: undefined ()
    autoprefixer: ^10.4.14 => 10.4.14
    aws-amplify: 5.3.4 => 5.3.4
    babel-packages: undefined ()
    browserify-zlib: undefined ()
    browserslist: undefined ()
    buffer: undefined ()
    bytes: undefined ()
    chalk: undefined ()
    ci-info: undefined ()
    cli-select: undefined ()
    client-only: 0.0.1
    comment-json: undefined ()
    compression: undefined ()
    conf: undefined ()
    constants-browserify: undefined ()
    content-disposition: undefined ()
    content-type: undefined ()
    cookie: undefined ()
    cross-spawn: undefined ()
    crypto-browserify: undefined ()
    css.escape: undefined ()
    data-uri-to-buffer: undefined ()
    debug: undefined ()
    devalue: undefined ()
    domain-browser: undefined ()
    edge-runtime: undefined ()
    eslint: 8.29.0 => 8.29.0
    eslint-config-airbnb-base: ^15.0.0 => 15.0.0
    eslint-config-airbnb-typescript: ^17.0.0 => 17.0.0
    eslint-config-next: 13.0.6 => 13.0.6
    events: undefined ()
    find-cache-dir: undefined ()
    find-up: undefined ()
    framer-motion: ^6 => 6.5.1
    fresh: undefined ()
    get-orientation: undefined ()
    glob: undefined ()
    gzip-size: undefined ()
    http-proxy: undefined ()
    http-proxy-agent: undefined ()
    https-browserify: undefined ()
    https-proxy-agent: undefined ()
    icss-utils: undefined ()
    ignore-loader: undefined ()
    image-size: undefined ()
    is-animated: undefined ()
    is-docker: undefined ()
    is-wsl: undefined ()
    jest-worker: undefined ()
    json5: undefined ()
    jsonwebtoken: undefined ()
    loader-runner: undefined ()
    loader-utils: undefined ()
    lodash.curry: undefined ()
    lru-cache: undefined ()
    micromatch: undefined ()
    mini-css-extract-plugin: undefined ()
    nanoid: undefined ()
    native-url: undefined ()
    neo-async: undefined ()
    next: 13.3 => 13.3.0
    node-fetch: undefined ()
    node-html-parser: undefined ()
    ora: undefined ()
    os-browserify: undefined ()
    p-limit: undefined ()
    path-browserify: undefined ()
    platform: undefined ()
    postcss: ^8.4.21 => 8.4.21 (8.4.14)
    postcss-flexbugs-fixes: undefined ()
    postcss-modules-extract-imports: undefined ()
    postcss-modules-local-by-default: undefined ()
    postcss-modules-scope: undefined ()
    postcss-modules-values: undefined ()
    postcss-preset-env: undefined ()
    postcss-safe-parser: undefined ()
    postcss-scss: undefined ()
    postcss-value-parser: undefined ()
    process: undefined ()
    punycode: undefined ()
    qrcode.react: ^3.1.0 => 3.1.0
    querystring-es3: undefined ()
    raw-body: undefined ()
    react: 18.2.0 => 18.2.0 (18.3.0-next-85de6fde5-20230328)
    react-dom: 18.2.0 => 18.2.0 (18.3.0-next-85de6fde5-20230328)
    react-icons: ^4.8.0 => 4.8.0
    react-input-mask: ^2.0.4 => 2.0.4
    react-is: 18.2.0
    react-refresh: 0.12.0
    react-server-dom-webpack: 18.3.0-next-85de6fde5-20230328
    recoil: ^0.7.7 => 0.7.7
    regenerator-runtime: 0.13.4
    sass-loader: undefined ()
    scheduler: undefined ()
    schema-utils: undefined ()
    semver: undefined ()
    send: undefined ()
    server-only: 0.0.1
    setimmediate: undefined ()
    shell-quote: undefined ()
    source-map: undefined ()
    stacktrace-parser: undefined ()
    stream-browserify: undefined ()
    stream-http: undefined ()
    string-hash: undefined ()
    string_decoder: undefined ()
    strip-ansi: undefined ()
    tailwindcss: ^3.3.1 => 3.3.1
    tar: undefined ()
    terser: undefined ()
    text-table: undefined ()
    timers-browserify: undefined ()
    tty-browserify: undefined ()
    typescript: 4.9.5 => 4.9.5 (5.0.2)
    ua-parser-js: undefined ()
    undici: undefined ()
    unistore: undefined ()
    util: undefined ()
    vm-browserify: undefined ()
    watchpack: undefined ()
    web-vitals: undefined ()
    webpack: undefined ()
    webpack-sources: undefined ()
    ws: undefined ()
    zod: undefined ()
  npmGlobalPackages:
    @aws-amplify/cli: 12.1.1
    concurrently: 7.6.0
    corepack: 0.15.1
    npm: 8.19.3
    serverless: 3.26.0
    supervisor: 0.12.0
    yarn: 1.22.19
```

Describe the bug

In a Next.js client-side app: trying to authenticate via federated sign in with Google (calling Auth.federatedSignIn({ provider: 'Google' })) is only successful if it's the user's first time logging in, or if the user has been manually signed out via the AWS Cognito Console.

All other attempts fail, and when checking the network tab, there are four network attempts to the app client domain's oauth2/token route, three of which return invalid_grant and one that returns invalid_request. Only one of those requests includes a code_verifier param.

If it's the user's first time logging in, or if they have been manually signed out via the console (calling Auth.signOut() or Auth.signOut({ global: true }) doesn't seem to allow people to re-authenticate), the request works. However, there are still a total of four requests made to the oauth2/token endpoint. The first request that includes a code_verifier param succeeds and returns the access, id, and refresh tokens.

I'm experiencing these results even when switching browsers and devices as well as clearing the cache.

Native sign in via username/password works without issue.

NOTE: I do have a PreSignUp lambda trigger for linking federated users to existing Cognito pool users. That is working well, as I can see the identities merged onto a user after using federated for the first time. This user pool only allows admins to create users (no self-sign up). Removing this trigger did not change this experience.

Expected behavior

Reproduction steps

  1. Follow the Amplify docs' instructions for adding Social Sign In to a react app.
  2. Log in via Google federation.
  3. Sign out.
  4. Try to log in again via Google federation.

Code Snippet

```jsx
import React, { useEffect, useState } from "react";
// Amplify is imported as a named export of aws-amplify.
import { Amplify, Auth, Hub } from "aws-amplify";
import awsConfig from "./awsConfig.js";

Amplify.configure(awsConfig);

function App() {
    const [user, setUser] = useState({});

    useEffect(() => {
        // React to auth events dispatched by Amplify on the "auth" Hub channel.
        Hub.listen("auth", ({ payload: { event, data } }) => {
            switch (event) {
                case "signIn":
                case "cognitoHostedUI":
                    getUser().then((userData) => setUser(userData));
                    break;
                case "signOut":
                    setUser(null);
                    break;
                case "signIn_failure":
                case "cognitoHostedUI_failure":
                    console.log("Sign in failure", data);
                    break;
            }
        });

        // Pick up an already signed-in user on first render.
        getUser().then((userData) => setUser(userData));
    }, []);

    function getUser() {
        // Resolve with the user data so callers can store it,
        // or with null when nobody is signed in.
        return Auth.currentAuthenticatedUser()
            .then((userData) => {
                console.log(userData);
                return userData;
            })
            .catch(() => null);
    }

    return (
        <div>
            <p>User: {user ? JSON.stringify(user) : "None"}</p>
            {user ? (
                <button onClick={() => Auth.signOut()}>Sign Out</button>
            ) : (
                <button onClick={() => Auth.federatedSignIn({ provider: "Google" })}>Federated Sign In</button>
            )}
        </div>
    );
}

export default App;
```

Log output

``` // Put your logs below this line [DEBUG] 04:38.257 AuthClass - getting current authenticated user [ConsoleLogger.js:122](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.261 AuthClass - get current authenticated userpool user 2 [ConsoleLogger.js:122](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.261 AuthClass - OAuth signIn in progress, waiting for resolution... [ConsoleLogger.js:122](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.262 AuthClass - OAuth signIn in progress, waiting for resolution... [ConsoleLogger.js:122](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.544 OAuth - Error handling auth response. Error: invalid_request _handleCodeFlow OAuth.js:116 step tslib.es6.js:100 verb tslib.es6.js:81 fulfilled tslib.es6.js:71 promise callback*step tslib.es6.js:73 fulfilled tslib.es6.js:71 promise callback*step tslib.es6.js:73 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 _handleCodeFlow OAuth.js:61 handleAuthResponse OAuth.js:184 step tslib.es6.js:100 verb tslib.es6.js:81 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 handleAuthResponse OAuth.js:154 _handleAuthResponse Auth.js:2264 step tslib.es6.js:100 verb tslib.es6.js:81 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 _handleAuthResponse Auth.js:2226 configure Auth.js:167 default urlListener.js:7 configure Auth.js:161 configure Amplify.js:87 configure Amplify.js:86 AuthContext.tsx:27 NextJS 4 _app.tsx:11 NextJS 4 (index):5 onEntrypoint route-loader.js:211 promise callback*onEntrypoint route-loader.js:211 register index.js:167 (index):2 NextJS 9 [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.545 AuthClass - Error in cognito hosted auth response Error: invalid_request _handleCodeFlow OAuth.js:116 step tslib.es6.js:100 verb 
tslib.es6.js:81 fulfilled tslib.es6.js:71 promise callback*step tslib.es6.js:73 fulfilled tslib.es6.js:71 promise callback*step tslib.es6.js:73 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 _handleCodeFlow OAuth.js:61 handleAuthResponse OAuth.js:184 step tslib.es6.js:100 verb tslib.es6.js:81 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 handleAuthResponse OAuth.js:154 _handleAuthResponse Auth.js:2264 step tslib.es6.js:100 verb tslib.es6.js:81 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 _handleAuthResponse Auth.js:2226 configure Auth.js:167 default urlListener.js:7 configure Auth.js:161 configure Amplify.js:87 configure Amplify.js:86 AuthContext.tsx:27 NextJS 4 _app.tsx:11 NextJS 4 (index):5 onEntrypoint route-loader.js:211 promise callback*onEntrypoint route-loader.js:211 register index.js:167 (index):2 NextJS 9 [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 AnalyticsClass - on hub capsule auth Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with 
Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.546 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.547 Hub - Dispatching to auth with Object { event: 
"cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 AnalyticsClass - on hub capsule auth Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: 
"cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 AuthClass - OAuth signIn resolved: cognitoHostedUI_failure [ConsoleLogger.js:122](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.548 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 AuthClass - OAuth signIn resolved: cognitoHostedUI_failure [ConsoleLogger.js:122](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 
04:38.549 AnalyticsClass - on hub capsule auth Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } 
[ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 AuthClass - Failed to get user from user pool 2 [ConsoleLogger.js:122](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.549 AuthClass - The user is not authenticated by the error No current user 2 [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.551 OAuth - Error handling auth response. Error: invalid_grant _handleCodeFlow OAuth.js:116 step tslib.es6.js:100 verb tslib.es6.js:81 fulfilled tslib.es6.js:71 promise callback*step tslib.es6.js:73 fulfilled tslib.es6.js:71 promise callback*step tslib.es6.js:73 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 _handleCodeFlow OAuth.js:61 handleAuthResponse OAuth.js:184 step tslib.es6.js:100 verb tslib.es6.js:81 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 handleAuthResponse OAuth.js:154 _handleAuthResponse Auth.js:2264 step tslib.es6.js:100 verb tslib.es6.js:81 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 _handleAuthResponse Auth.js:2226 configure Auth.js:167 default urlListener.js:7 configure Auth.js:161 configure Amplify.js:87 configure Amplify.js:86 AuthContext.tsx:27 NextJS 4 _app.tsx:11 NextJS 4 (index):5 onEntrypoint route-loader.js:211 promise callback*onEntrypoint route-loader.js:211 register index.js:167 (index):2 NextJS 9 [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 AuthClass - Error in cognito hosted auth response Error: invalid_grant _handleCodeFlow OAuth.js:116 step tslib.es6.js:100 verb tslib.es6.js:81 fulfilled 
tslib.es6.js:71 promise callback*step tslib.es6.js:73 fulfilled tslib.es6.js:71 promise callback*step tslib.es6.js:73 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 _handleCodeFlow OAuth.js:61 handleAuthResponse OAuth.js:184 step tslib.es6.js:100 verb tslib.es6.js:81 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 handleAuthResponse OAuth.js:154 _handleAuthResponse Auth.js:2264 step tslib.es6.js:100 verb tslib.es6.js:81 __awaiter tslib.es6.js:74 __awaiter tslib.es6.js:70 _handleAuthResponse Auth.js:2226 configure Auth.js:167 default urlListener.js:7 configure Auth.js:161 configure Amplify.js:87 configure Amplify.js:86 AuthContext.tsx:27 NextJS 4 _app.tsx:11 NextJS 4 (index):5 onEntrypoint route-loader.js:211 promise callback*onEntrypoint route-loader.js:211 register index.js:167 (index):2 NextJS 9 [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 AnalyticsClass - on hub capsule auth Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 Hub - Dispatching to auth with Object { event: 
"signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.552 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "signIn_failure", data: Error, message: "The OAuth response flow failed" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 AnalyticsClass - on hub capsule auth Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 
04:38.553 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 
Hub - Dispatching to auth with Object { event: "cognitoHostedUI_failure", data: Error, message: "A failure occurred when returning to the Cognito Hosted UI" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 AnalyticsClass - on hub capsule auth Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) [DEBUG] 04:38.553 Hub - Dispatching to auth with Object { event: "customState_failure", data: Error, message: "A failure occurred when returning state" } [ConsoleLogger.js:134](webpack://_N_E/node_modules/@aws-amplify/core/lib-esm/Logger/ConsoleLogger.js?aade) ```

aws-exports.js

No response

Manual configuration

```js
{
  Auth: {
    refresh_token: true,
  },
  aws_user_pools_id: process.env.NEXT_PUBLIC_USER_POOL_ID,
  aws_user_pools_web_client_id: process.env.NEXT_PUBLIC_USER_POOL_CLIENT_ID,
  oauth: {
    domain: process.env.NEXT_PUBLIC_OAUTH_DOMAIN,
    scope: [
      'email',
      'openid',
      'profile',
      'aws.cognito.signin.user.admin',
    ],
    redirectSignIn: process.env.NEXT_PUBLIC_SIGN_IN_REDIRECT,
    redirectSignOut: process.env.NEXT_PUBLIC_SIGN_OUT_REDIRECT,
    responseType: 'code',
  },
}
```

Additional configuration

{
    "UserPool": {
        "Id": "us-east-1_xxxx",
        "Name": "testing-core-portal",
        "Policies": {
            "PasswordPolicy": {
                "MinimumLength": 8,
                "RequireUppercase": true,
                "RequireLowercase": true,
                "RequireNumbers": true,
                "RequireSymbols": true,
                "TemporaryPasswordValidityDays": 7
            }
        },
        "LambdaConfig": {
            "PreSignUp": "arn:aws:lambda:us-east-1:xxxxxx:function:core-portal-triggers-testing-linkExternalProvider"
        },
        "LastModifiedDate": "2023-07-13T15:39:31.715000-04:00",
        "CreationDate": "2023-04-21T15:17:15.769000-04:00",
        "SchemaAttributes": [
            {
                "Name": "sub",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": false,
                "Required": true,
                "StringAttributeConstraints": {
                    "MinLength": "1",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "name",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "given_name",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "middle_name",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "nickname",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "preferred_username",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            }, 
            {
                "Name": "profile",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "picture",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "website",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "email",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": true,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "email_verified",
                "AttributeDataType": "Boolean",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false
            },
            {
                "Name": "gender",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "birthdate",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "10",
                    "MaxLength": "10"
                }
            },
            {
                "Name": "zoneinfo",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "locale",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "phone_number",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "phone_number_verified",
                "AttributeDataType": "Boolean",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false
            },
            {
                "Name": "address",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {
                    "MinLength": "0",
                    "MaxLength": "2048"
                }
            },
            {
                "Name": "updated_at",
                "AttributeDataType": "Number",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "NumberAttributeConstraints": {
                    "MinValue": "0"
                }
            },
            {
                "Name": "identities",
                "AttributeDataType": "String",
                "DeveloperOnlyAttribute": false,
                "Mutable": true,
                "Required": false,
                "StringAttributeConstraints": {}
            }
        ],
        "AutoVerifiedAttributes": [
            "email"
        ],
        "AliasAttributes": [
            "email",
            "preferred_username"
        ],
        "VerificationMessageTemplate": {
            "DefaultEmailOption": "CONFIRM_WITH_CODE"
        },
        "MfaConfiguration": "OPTIONAL",
        "DeviceConfiguration": {
            "ChallengeRequiredOnNewDevice": true,
            "DeviceOnlyRememberedOnUserPrompt": true
        },
        "EstimatedNumberOfUsers": 3,
        "EmailConfiguration": {
            "SourceArn": "arn:aws:ses:us-east-1:xxxxxxx:identity/cognito@xxxx",
            "EmailSendingAccount": "DEVELOPER"
        },
        "SmsConfiguration": {
            "SnsCallerArn": "arn:aws:iam::xxxxxxxxx:role/service-role/core-portal-userpool-testing-xxxxx",
            "ExternalId": "xxxxxxx"
        },
        "UserPoolTags": {},
        "Domain": "buddy-core-portal",
        "AdminCreateUserConfig": {
            "AllowAdminCreateUserOnly": true,
            "UnusedAccountValidityDays": 7
        },
        "UsernameConfiguration": {
            "CaseSensitive": false
        },
        "Arn": "arn:aws:cognito-idp:us-east-1:xxxxx:userpool/us-east-1_xxxxx",
        "AccountRecoverySetting": {
            "RecoveryMechanisms": [
                {
                    "Priority": 1,
                    "Name": "verified_email"
                },
                {
                    "Priority": 2,
                    "Name": "verified_phone_number"
                }
            ]
        }
    }
}

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

When watching the network tab, the app successfully redirects to oauth2/authorize, which in turn redirects to Google. Upon authenticating with Google, we see a successful redirect to oauth2/idpresponse, where the authorization code and state are then added to the query string and the final redirect is made to my local app. From there Amplify uses the same code, state, and additional code verifier to make a request to oauth2/token.

israx commented 1 year ago

Hello @cezarcarvalhaes. Sorry that you are experiencing this issue. Can you share the oauth2/token requests for the first and second login attempt?

E.g. login for the first time (no cognito session created)

```
POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token
Content-Type='application/x-www-form-urlencoded'&
Authorization=Basic ZGpjOTh1M2ppZWRtaTI4M2V1OTI4OmFiY2RlZjAxMjM0NTY3ODkw
grant_type=authorization_code&
client_id=1example23456789&
code=AUTHORIZATION_CODE&
code_verifier=CODE_VERIFIER&
redirect_uri=com.myclientapp://myclient/redirect
```

Login for the second time (cognito session created)

```
POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token
Content-Type='application/x-www-form-urlencoded'&
Authorization=Basic ZGpjOTh1M2ppZWRtaTI4M2V1OTI4OmFiY2RlZjAxMjM0NTY3ODkw
grant_type=authorization_code&
client_id=1example23456789&
code=AUTHORIZATION_CODE&
redirect_uri=com.myclientapp://myclient/redirect
```

You can omit values assigned to the parameters. I'd like to see how the requests are sent when logging in for the 1st vs 2nd time.

The invalid_request param is returned when the request was malformed or it was missing a required parameter.

And the invalid_grant param is returned when the code param was already consumed.

cezarcarvalhaes commented 1 year ago

@israx Sure thing. Once it redirects back to the app, it makes four total calls. I'll post all of them and apologize in advance for the overload in information. You can see below that we only get invalid_request one time in the flow that fails. This behavior is consistent.

In case it's helpful, the network requests are coming from @aws-amplify/datastore/node_modules/@aws-amplify/auth/lib-esm/OAuth/OAuth.js.


First time log in (the one that works):

Call 1: (200)

Request Headers:

```
POST /oauth2/token HTTP/2
Host: xxxxx.us-east-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3000/
Content-Type: application/x-www-form-urlencoded
x-amz-user-agent: aws-amplify/5.3.4 auth/30 framework/2
Content-Length: 297
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
```

Form Data:

```
grant_type=authorization_code&
code=7df80e29-ab6f-4262-ae57-e55fc678551d&
client_id=[CLIENT ID]&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&
code_verifier=hqroO9VESLSkAUobzQxJF5jDNVIaIp7VDuxgXuFJIYPwa0okIkCu6d1yp6xf914EWxlI6ZAskOiRUu15rsQhoyokMINDDXJp7nWPNRlsm1fgNWenvLUGoQyyFncfLitr
```

Call 2: (400 - Error: "invalid_grant")

Request Headers:

```
POST /oauth2/token HTTP/2
Host: xxxxx.us-east-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3000/
Content-Type: application/x-www-form-urlencoded
x-amz-user-agent: aws-amplify/5.3.4 auth/30 framework/2
Content-Length: 154
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
```

Form Data:

```
grant_type=authorization_code&
code=7df80e29-ab6f-4262-ae57-e55fc678551d&
client_id=[CLIENT ID]&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&
```

Call 3: (400 - Error: "invalid_grant")

Request Headers:

```
POST /oauth2/token HTTP/2
Host: xxxxx.us-east-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3000/
Content-Type: application/x-www-form-urlencoded
x-amz-user-agent: aws-amplify/5.3.4 auth/30 framework/2
Content-Length: 154
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
```

Form Data:

```
grant_type=authorization_code&
code=7df80e29-ab6f-4262-ae57-e55fc678551d&
client_id=[CLIENT ID]&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&
```

Call 4: (400 - Error: "invalid_grant")

Request Headers:

```
POST /oauth2/token HTTP/2
Host: xxxxx.us-east-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3000/
Content-Type: application/x-www-form-urlencoded
x-amz-user-agent: aws-amplify/5.3.4 auth/30 framework/2
Content-Length: 154
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
```

Form Data:

```
grant_type=authorization_code&
code=7df80e29-ab6f-4262-ae57-e55fc678551d&
client_id=[CLIENT ID]&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&
```

Log out then try and login again via federation (not working)

Call 1: (400 - Error: "invalid_grant")

Request Headers:

```
POST /oauth2/token HTTP/2
Host: xxxxx.us-east-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3000/
Content-Type: application/x-www-form-urlencoded
x-amz-user-agent: aws-amplify/5.3.4 auth/30 framework/2
Content-Length: 297
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
```

Form Data:

```
grant_type=authorization_code&
code=16067943-373e-4bc9-bf4f-538129edf030&
client_id=[CLIENT ID]&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&
code_verifier=1BsQAA5wj5GdYOBfvyFDl8F5MmFa73Z7V2g18GbD71KcRVwEohwekpdi8DKA0lrZ5CLCw97am8uG6qy8CTJa97CBt0j7YYXd5gTZpjePNh40SXkvWtabE14oXGL8ZJ4P
```

Call 2: (400 - Error: "invalid_request")

Request Headers:

```
POST /oauth2/token HTTP/2
Host: xxxxx.us-east-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3000/
Content-Type: application/x-www-form-urlencoded
x-amz-user-agent: aws-amplify/5.3.4 auth/30 framework/2
Content-Length: 154
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
```

Form Data:

```
grant_type=authorization_code&
code=16067943-373e-4bc9-bf4f-538129edf030&
client_id=[CLIENT ID]&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&
```

Call 3: (400 - Error: "invalid_grant")

Request Headers:

```
POST /oauth2/token HTTP/2
Host: xxxxx.us-east-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3000/
Content-Type: application/x-www-form-urlencoded
x-amz-user-agent: aws-amplify/5.3.4 auth/30 framework/2
Content-Length: 154
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
```

Form Data:

```
grant_type=authorization_code&
code=16067943-373e-4bc9-bf4f-538129edf030&
client_id=[CLIENT ID]&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&
```

Call 4: (400 - Error: "invalid_grant")

Request Headers:

```
POST /oauth2/token HTTP/2
Host: xxxxx.us-east-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:3000/
Content-Type: application/x-www-form-urlencoded
x-amz-user-agent: aws-amplify/5.3.4 auth/30 framework/2
Content-Length: 154
Origin: http://localhost:3000
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
```

Form Data:

```
grant_type=authorization_code&
code=16067943-373e-4bc9-bf4f-538129edf030&
client_id=[CLIENT ID]&
redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&
```

cezarcarvalhaes commented 1 year ago

I've figured out the issue—thanks again for looking into it.

I was also requiring @aws-amplify/auth in my devDependencies (in addition to aws-amplify). Once I removed it, I only saw one call to the token endpoint in my network tab (as expected), and separate federated logins started working (both in separate browsers and after logging out and logging in again).

I added @aws-amplify/auth to devDependencies in order to access the CognitoHostedUIIdentityProvider.Google property that federatedSignIn is expecting.
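
The pattern in the captures above, where one authorization code is posted to oauth2/token several times and only the first call carries code_verifier, can be checked mechanically from exported network requests. This is an added example, not code from the thread or from Amplify; the function names, finding labels and the sample captures (placeholder codes, verifiers and client id) are assumptions constructed for illustration.

```javascript
// Added example: diagnostic for duplicated OAuth code redemption.
// CAPTURES is constructed sample data mirroring the pattern in the thread;
// the codes, verifiers and client id are placeholders, not real values.
const body = (code, verifier) =>
  'grant_type=authorization_code&code=' + code + '&client_id=example-client' +
  '&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&' +
  (verifier ? 'code_verifier=' + verifier : '');

const CAPTURES = [
  { status: 200, error: null, body: body('code-A', 'verifier-A') },
  { status: 400, error: 'invalid_grant', body: body('code-A') },
  { status: 400, error: 'invalid_grant', body: body('code-A') },
  { status: 400, error: 'invalid_grant', body: body('code-B', 'verifier-B') },
  { status: 400, error: 'invalid_request', body: body('code-B') },
  { status: 400, error: 'invalid_grant', body: body('code-B') },
];

// Parse one captured form body. Only the presence of code_verifier is kept,
// so the verifier itself never ends up in the report.
function parseTokenRequest(capture) {
  const params = new URLSearchParams(capture.body);
  return {
    grantType: params.get('grant_type'),
    code: params.get('code'),
    hasVerifier: Boolean(params.get('code_verifier')),
    status: capture.status,
    error: capture.error,
  };
}

// Group authorization_code requests by code and flag suspicious patterns.
function auditTokenRequests(captures) {
  const byCode = new Map();
  for (const capture of captures) {
    const req = parseTokenRequest(capture);
    if (req.grantType !== 'authorization_code' || !req.code) continue;
    if (!byCode.has(req.code)) byCode.set(req.code, []);
    byCode.get(req.code).push(req);
  }
  const findings = [];
  for (const [code, reqs] of byCode) {
    const withVerifier = reqs.filter((r) => r.hasVerifier).length;
    const issues = [];
    // An authorization code is single-use, so at most one attempt can succeed.
    if (reqs.length > 1) issues.push('code-redeemed-more-than-once');
    // Heuristic: differing PKCE state suggests more than one client instance.
    if (withVerifier > 0 && withVerifier < reqs.length) issues.push('mixed-pkce');
    if (withVerifier === 0) issues.push('no-code-verifier');
    if (!reqs.some((r) => r.status === 200)) issues.push('no-successful-exchange');
    const errors = reqs.filter((r) => r.error).map((r) => r.error);
    findings.push({ code, attempts: reqs.length, withVerifier, errors, issues });
  }
  return findings;
}

console.log(JSON.stringify(auditTokenRequests(CAPTURES), null, 2));
```

A healthy sign-in produces one finding per code with `attempts: 1` and an empty `issues` list.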