Open akcode47 opened 4 years ago
Are you using an identity provider? I just repro'd this behavior, but it wasn't a problem in this code. Instead, my IDP (I am using SAML with google), was configured to post back to the cognito url, not my custom url.
I.e., the saml app in google was calling back to [my-cognito-url].auth.us-west-2.amazoncognito.com/saml2/idpresponse instead of [my-custom-domain]/saml2/idpresponse.
I figured this out by using the browser developer tools and watching the calls.
I followed the examples in the documentation and noticed that when a custom domain is provided in AWS Cognito and the AWS_COGNITO_DOMAIN config is set in Flask with the same value, the library is unable to get the access token from the request argument.
The following "aws_auth.get_access_token(request.args)" fails because I believe the necessary request args are not being passed on.
When I don't use the "Your own domain" setting and set the AWS_COGNITO_DOMAIN config in Flask with the "Amazon Cognito domain" everything works as expected.
The documentation states "Both options - “Amazon Cognito domain” and “Your own domain” are supported. Don’t forget to pass it to Flask app config."
Any suggestions?
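A small diagnostic for the two failure points discussed in this thread (the IdP posting to the wrong /saml2/idpresponse URL, and the callback arriving without the query parameters that aws_auth.get_access_token(request.args) needs). This is an added example, not code from the issue or from the Flask-AWSCognito project; the function names, the assumption that the callback must carry "code" and "state", and the sample values are all mine.

```python
# Added example (not part of the issue or the library). Pure functions so they
# can be called from a Flask callback route or from a one-off script.
from typing import Mapping, Optional
from urllib.parse import urlsplit

SAML_IDP_RESPONSE_PATH = "/saml2/idpresponse"  # fixed Cognito ACS path (from the thread)


def expected_idp_response_url(cognito_domain: str) -> str:
    """ACS URL the IdP must post back to for the domain set in AWS_COGNITO_DOMAIN.
    Works for both the hosted prefix domain (<prefix>.auth.<region>.amazoncognito.com)
    and a custom domain; a leading https:// or trailing slash is tolerated."""
    host = cognito_domain.strip().rstrip("/")
    if host.lower().startswith("https://"):
        host = host[len("https://"):]
    return f"https://{host}{SAML_IDP_RESPONSE_PATH}"


def acs_url_matches(configured_acs_url: str, cognito_domain: str) -> bool:
    """True when the ACS URL configured at the IdP (e.g. in the Google SAML app)
    points at the Cognito domain Flask is configured with. Host comparison is
    case-insensitive; the path must be exactly /saml2/idpresponse."""
    got = urlsplit(configured_acs_url.strip())
    want = urlsplit(expected_idp_response_url(cognito_domain))
    return (got.scheme.lower() == "https"
            and got.hostname is not None
            and got.hostname.lower() == want.hostname.lower()
            and got.path.rstrip("/") == want.path)


def diagnose_callback(args: Mapping[str, str], expected_state: Optional[str],
                      cognito_domain: str) -> dict:
    """Inspect the query string of one callback request (request.args in Flask).
    Assumes the token exchange needs 'code' and a 'state' bound to the session;
    returns {"ok": bool, "problems": [...]} rather than raising."""
    problems = []
    if "error" in args:  # provider-side refusal, e.g. error=access_denied
        problems.append(f"provider returned error={args['error']}")
    if "code" not in args:
        problems.append("missing 'code': the exchange never completed; confirm the IdP "
                        "posts to " + expected_idp_response_url(cognito_domain))
    if "state" not in args:
        problems.append("missing 'state'")
    elif expected_state is None or args["state"] != expected_state:
        problems.append("'state' does not match the value issued for this session")
    return {"ok": not problems, "problems": problems}
```

In a Flask route, call diagnose_callback(request.args, session.get("state"), app.config["AWS_COGNITO_DOMAIN"]) before the token exchange and log the problems list; a mismatch from acs_url_matches against the IdP's configured ACS URL is the misconfiguration the second comment describes.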