aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.44k stars 2.13k forks

"responseType":"code" but Amplify is doing a token request #6107

Closed mrgoos closed 4 years ago

mrgoos commented 4 years ago

**Describe the bug**
I have SAML setup in Cognito and I call `Auth.federatedSignIn();` in my Angular client to get the "enter corporate email" text box from Cognito hosted UI. Everything works well and I get redirected back to the FE APP after login and I get the code but then I see that Amplify is doing a request to get JWT tokens (`/oauth2/token`). By doing that, the granted code is being used and I can't use it in my backend. I want to use the code in the backend and get the tokens in the backend.

**To Reproduce**
- Create a SAML IDP and call `federatedSignIn`
- oauth config in aws-exports: `"responseType": "code"`
- Config in cognito: Authorization code grant is checked, only.

**Expected behavior**
I expect that no request will be made to Cognito to get JWT tokens.

**What is Configured?**
If applicable, please provide what is configured for Amplify CLI:

**Environment**
```
npx: installed 1 in 2.724s

  System:
    OS: macOS 10.15.4
    CPU: (4) x64 Intel(R) Core(TM) i7-7660U CPU @ 2.50GHz
    Memory: 550.25 MB / 16.00 GB
    Shell: 3.2.57 - /bin/bash
  Binaries:
    Node: 12.16.1 - ~/.nvm/versions/node/v12.16.1/bin/node
    npm: 6.13.4 - ~/.nvm/versions/node/v12.16.1/bin/npm
  Browsers:
    Brave Browser: 80.1.5.115
    Chrome: 83.0.4103.97
    Firefox: 76.0.1
    Safari: 13.1
  npmPackages:
    @angular-devkit/build-angular: 0.901.0 => 0.901.0
    @angular/animations: 9.0.7 => 9.0.7
    @angular/cdk: 9.1.3 => 9.1.3
    @angular/cli: 9.1.0 => 9.1.0
    @angular/common: 9.0.7 => 9.0.7
    @angular/compiler: 9.0.7 => 9.0.7
    @angular/compiler-cli: 9.0.7 => 9.0.7
    @angular/core: 9.0.7 => 9.0.7
    @angular/forms: 9.0.7 => 9.0.7
    @angular/language-service: 9.0.7 => 9.0.7
    @angular/material: 9.1.3 => 9.1.3
    @angular/platform-browser: 9.0.7 => 9.0.7
    @angular/platform-browser-dynamic: 9.0.7 => 9.0.7
    @angular/router: 9.0.7 => 9.0.7
    @types/jasmine: 3.3.8 => 3.3.8
    @types/jasminewd2: 2.0.6 => 2.0.6
    @types/node: 12.12.31 => 12.12.31
    ajv: 6.9.1 => 6.9.1
    ajv-keywords: 3.4.1 => 3.4.1
    aws-amplify: 3.0.17 => 3.0.17
    classlist.js: 1.1.20150312 => 1.1.20150312
    codelyzer: 5.2.1 => 5.2.1
    compass-sass-mixins: 0.12.7 => 0.12.7
    core-js: 2.6.11 => 2.6.11
    is-mobile: 2.0.0 => 2.0.0
    jasmine-core: 3.3.0 => 3.3.0
    jasmine-spec-reporter: 4.2.1 => 4.2.1
    json-server: 0.14.2 => 0.14.2
    karma: 4.4.1 => 4.4.1
    karma-chrome-launcher: 2.2.0 => 2.2.0
    karma-cli: 2.0.0 => 2.0.0
    karma-coverage-istanbul-reporter: 2.0.4 => 2.0.4
    karma-jasmine: 2.0.1 => 2.0.1
    karma-jasmine-html-reporter: 1.4.0 => 1.4.0
    ng2-validation: 4.2.0 => 4.2.0
    ngx-css-variables: 1.0.1 => 1.0.1
    node-sass: 4.14.1 => 4.14.1
    powerbi-client: 2.7.5 => 2.7.5
    protractor: 5.4.3 => 5.4.3
    rxjs: 6.5.4 => 6.5.4
    ts-node: 8.0.2 => 8.0.2
    tslib: 1.11.1 => 1.11.1
    tslint: 5.12.1 => 5.12.1
    typescript: 3.7.5 => 3.7.5
    zone.js: 0.10.3 => 0.10.3
  npmGlobalPackages:
    @angular/cli: 9.1.0
    @aws-amplify/cli: 4.21.0
    npm: 6.13.4
```

_You can turn on the debug mode to provide more info for us by setting `window.LOGLEVEL = 'DEBUG';` in your app._

mrgoos commented 4 years ago

More info: I enabled the debugger and I see the events that are invoking the token request. I cannot catch "codeFlow" event in Hub. But that's the thing, IMO this event shouldn't be invoked in responseType:code. If I wanted the tokens in the FE, I would just use responseType:token and implicit grant in Cognito.

mrgoos commented 4 years ago

Apparently it's by design and I misunderstood how it's supposed to work. It seemed weird to me that the FE is getting the tokens after it gets the code...

github-actions[bot] commented 3 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.