Social Login (Facebook) through user pool, hosted, ui, invalid_grant error.

[calboru]

Followings are my settings. When I try to test social login I always get invalid_grant error.

WHEN I INVOKE:
federatedSignIn() {
const provider: FederatedSignInOptionsCustom = { customProvider: 'Facebook' };
return from(this.auth.federatedSignIn(provider));
}

OR TEST URL: https://xxxx.auth.us-east-2.amazoncognito.com/login?response_type=code&client_id=xxxx&redirect_uri=https://localhost:4200

Error happens after PKCE event: https://localhost:4200/?code=16c65151-7f92-4611-99c3-d872a44cacb6

MY SETTINGS AS FOLLOW:
const awsmobile = {
aws_project_region: 'us-east-2',
aws_cognito_region: 'us-east-2',
aws_user_pools_id: 'us-east-2_XXX',
aws_user_pools_web_client_id: 'XXXXX',
Auth: {
oauth: {
domain: 'XXX.auth.us-east-2.amazoncognito.com',
redirectSignIn: 'https://localhost:4200',
redirectSignOut: 'https://localhost:4200',
mandatorySignIn: true,
scope: ['public_profile', 'openid', 'email', 'first_name', 'last_name'],
responseType: 'code'
}
}
};

[manueliglesias]

Hi @calboru

invalid_grant could mean that:

• Refresh token has been revoked.
• Authorization code has been consumed already or does not exist.

(According to TOKEN Endpoint docs)

Do you see duplicate/multiple calls to the token endpoint in the network inspector?

[calboru]

Hi @calboru

invalid_grant could mean that:

• Refresh token has been revoked.
• Authorization code has been consumed already or does not exist.

(According to TOKEN Endpoint docs)

Do you see duplicate/multiple calls to the token endpoint in the network inspector?

Hi Manuel,
Yes I saw two calls even though I call it once. Is it an amplify bug?

[nandoise]

invalid_grant ; Zone ; Task Promise.then ; Value: Error: invalid_grant ... zone.js

---

It seems you are calling two times, in you code.

you set at begining the imports

import Amplify, { Auth } from 'aws-amplify';
import amplify from './aws-exports';

Amplify.configure(amplify); //something like this

this is all.. but in some tutorials give an extra step (not necesary)..

ej.

oauth = {
    domain: 'you-domain.auth.us-east-1.amazoncognito.com',
    scope: ['phone', 'email', 'profile', 'openid', 'aws.cognito.signin.user.admin'],
    redirectSignIn: 'http://localhost:4200',
     redirectSignOut: 'http://localhost:4200',
     responseType: 'code',
    options: {
      AdvancedSecurityDataCollectionFlag : false
    }
};

Auth.configure({ 
  oauth: oauth
 })

This is not necesary because your "import amplify from './aws-exports';" has the same parameters,

REVIEW
Check you development tool f12 if you has something like this [img], just comment the (extra step)

[jordanranz]

@nandoise, I too ran into this issue. Removing the manual config from the documentation example fixed the 'invalid_grant' error.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.

[MTajuddin96]

Write Amplify.configure(awsConfig) after your initial component mounted. This actually solved my issue.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.