aws / aws-sdk-java-v2

The official AWS SDK for Java - Version 2
Apache License 2.0

Unable to updateUserPoolClient (client_credentials) without logout_urls and callback_urls #5528

Closed Aliasad9 closed 2 weeks ago

Aliasad9 commented 1 month ago

Describe the bug

According to the documentation UpdateUserPoolClient doesn't need logout_urls and callback_urls when oauth-flow is of type client_credentials, but when I try to do that it throws an error demanding logout and callback URLs.

Expected Behavior

In the case of an OAuth flow of type client_credentials, it shouldn't require logout and callback URLs.

Current Behavior

It gives the following error:

INVALID_ARGUMENT: com.amazonaws.services.cognitoidp.model.InvalidParameterException: 2 validation errors detected: Value '[]' at 'logoutURLs' failed to satisfy constraint: Member must satisfy constraint: [Member must have length less than or equal to 1024, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: [\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+]; Value '[]' at 'callbackURLs' failed to satisfy constraint: Member must satisfy constraint: [Member must have length less than or equal to 1024, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: [\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+] (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: InvalidParameterException; Request ID: 336a686e-9b0a-49ce-94cb-ba91b17306a9; Proxy: null)

Reproduction Steps

import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClientBuilder;
import com.amazonaws.services.cognitoidp.model.*;

import java.util.Collection;

public class CognitoUserPoolClientUpdater {
    public static void main(String[] args) {
        // Initialize the Cognito Identity Provider client
        AWSCognitoIdentityProvider cognitoIp = AWSCognitoIdentityProviderClientBuilder.defaultClient();

        // Set up the request parameters
        String userPoolId = "us-east-1_example";
        String appClientId = "1234567890abcdef";
        String appClientName = "MyAppClient";

        try {
            // No callback or logout URLs are set: the client only uses client_credentials
            UpdateUserPoolClientRequest request = new UpdateUserPoolClientRequest()
                .withUserPoolId(userPoolId)
                .withClientId(appClientId)
                .withClientName(appClientName)
                .withExplicitAuthFlows(
                    ExplicitAuthFlowsType.ALLOW_USER_SRP_AUTH,
                    ExplicitAuthFlowsType.ALLOW_REFRESH_TOKEN_AUTH,
                    ExplicitAuthFlowsType.ALLOW_CUSTOM_AUTH
                )
                .withAllowedOAuthFlows(OAuthFlowType.Client_credentials)
                .withAllowedOAuthFlowsUserPoolClient(true)
                .withPreventUserExistenceErrors(PreventUserExistenceErrorTypes.ENABLED)
                // The cast selects the Collection overload; a bare null is ambiguous
                // between the String... and Collection<String> overloads
                .withSupportedIdentityProviders((Collection<String>) null);

            // Send the request to update the User Pool Client
            UpdateUserPoolClientResult result = cognitoIp.updateUserPoolClient(request);

            // Print the result
            System.out.println("User Pool Client updated successfully:");
            System.out.println(result.getUserPoolClient().toString());

        } catch (AWSCognitoIdentityProviderException e) {
            System.err.println("Error updating User Pool Client: " + e.getMessage());
            e.printStackTrace();
        }
    }
}

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

1.12.239

JDK version used

OpenJDK Runtime Environment Temurin-22+36 (build 22+36)

Operating System and version

Ubuntu 22.04

debora-ito commented 1 month ago

> According to the documentation UpdateUserPoolClient doesn't need logout_urls and callback_urls when oauth-flow is of type client_credentials

Can you share a link to the documentation?

Can you enable the verbose wirelogs of the updateUserPoolClient call? Please make sure to redact any sensitive information, like access keys.

github-actions[bot] commented 3 weeks ago

It looks like this issue has not been active for more than five days. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please add a comment to prevent automatic closure, or if the issue is already closed please feel free to reopen it.