ERROR invalid-user-claim on AWS cognito #265
identity provider: aws cognito
wordpress version: 5.6
php version: 7.4

I'm using AWS Cognito for my SSO.
The connection with Cognito is working,
but when I insert my data for login, the site responds with ERROR invalid user claim.
Would it be possible that the error is the identity or nickname key?
For now I inserted the example values.
Other parameters are:
Scope: openid
Login Endpoint URL: my.domain.org/oauth2/authorize
Userinfo Endpoint URL: my.domain.org/oauth2/UserInfo
Token Validation Endpoint URL: my.domain.org/oauth2/token
End Session Endpoint URL: my.domain.org/oauth2/logout
Disable SSL Verify: true
Email Formatting: {email}
Display Name Formatting: {family_name}
Identify with User Name: false
Link Existing Users: true
Create user if does not exist: true
Any suggestion to fix the problem?
Thanks,
Emanuele

Comments

@Emanuele-iltk so as I was looking at the AWS Cognito documentation, it looks like this may be related to the requirement that Basic Authorization is to be used with AWS Cognito, but the plugin currently only supports POST Authorization. There is an open issue reporting this for another IDP. I might see about setting up an AWS Cognito instance for further testing as well to confirm this. I did a quick Google and found this guide on setting up AWS Cognito as an OIDC IDP. I'm wondering if you can check that guide against your setup and see if there is a misconfiguration?

@Emanuele-iltk I ran into the same issue - have you tried setting your userInfo path to use a lower case U: /oauth2/userInfo This worked for me.

@Emanuele-iltk so I did set up my own AWS Cognito instance and have this working properly. I will provide some documentation guidance in the wiki for this IDP soon.

I am using the plugin with Cognito in production with mostly fine results. (a couple of "Invalid State" messages - 180 seconds default is not long enough for many users to validate their email during sign up)

@sarfrazhooda1 I haven't had a chance to update the wiki yet. I need to focus on some redirect & bug fixes. I should be able to get something documented soon.
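The two concrete points raised in this thread are the case-sensitive Cognito userinfo path (`/oauth2/userInfo`, not `/oauth2/UserInfo`) and Basic versus POST client authentication at the token endpoint. The following is an added example written for this page, not the plugin's own code: it shows how an OIDC client can build both client-authentication forms, catch a mis-cased Cognito userinfo path before making the request, and validate a userinfo response strictly instead of surfacing a bare "invalid user claim". The HTTP responses below are constructed stand-ins, the error strings are this example's own, and the only assumption about the client is the standard one that the `sub` in userinfo must equal the `sub` of the ID token.

```python
"""Client-auth construction and userinfo validation for a Cognito OIDC setup.

Added example, not code from the OpenID Connect plugin. Error codes and the
sample responses are constructed for illustration.
"""
import base64
import json
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# Cognito's hosted-UI userinfo path; the path is case-sensitive.
COGNITO_USERINFO_PATH = "/oauth2/userInfo"


def client_auth_basic(client_id: str, client_secret: str) -> Dict[str, str]:
    """client_secret_basic: credentials go in an HTTP Basic Authorization header."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"Authorization": f"Basic {creds}"}


def client_auth_post(client_id: str, client_secret: str) -> Dict[str, str]:
    """client_secret_post: credentials go in the form body of the token request."""
    return {"client_id": client_id, "client_secret": client_secret}


def fix_cognito_userinfo_url(url: str) -> str:
    """Return the URL with the userinfo path in Cognito's exact casing.

    A path that matches only case-insensitively (e.g. /oauth2/UserInfo) is
    rewritten; any other path is returned unchanged.
    """
    parts = urlsplit(url)
    if parts.path.lower() == COGNITO_USERINFO_PATH.lower() and parts.path != COGNITO_USERINFO_PATH:
        return urlunsplit(parts._replace(path=COGNITO_USERINFO_PATH))
    return url


def validate_userinfo(status: int, content_type: str, body: str,
                      id_token_sub: str) -> Tuple[Optional[dict], Optional[str]]:
    """Validate a userinfo response; return (claims, None) or (None, error_code).

    Each failure mode gets its own code so a mis-cased endpoint (non-JSON or
    non-200 reply) is distinguishable from a genuine claim problem.
    """
    if status != 200:
        return None, f"userinfo-http-{status}"
    if "application/json" not in content_type:
        return None, "invalid-user-claim"
    try:
        claims = json.loads(body)
    except ValueError:
        return None, "invalid-user-claim"
    if not isinstance(claims, dict):
        return None, "invalid-user-claim"
    # OIDC Core 5.3.2: the userinfo sub MUST match the ID token sub.
    if claims.get("sub") != id_token_sub:
        return None, "sub-mismatch"
    return claims, None


# Constructed sample responses (not captured from a real Cognito pool).
GOOD_BODY = '{"sub":"a1b2","email":"user@example.org","family_name":"Rossi"}'
HTML_BODY = "<html><body>Not Found</body></html>"

if __name__ == "__main__":
    print(fix_cognito_userinfo_url("https://my.domain.org/oauth2/UserInfo"))
    print(client_auth_basic("client-id", "client-secret"))
    print(validate_userinfo(200, "application/json", GOOD_BODY, "a1b2"))
    print(validate_userinfo(404, "text/html", HTML_BODY, "a1b2"))
```

Use `fix_cognito_userinfo_url` on the configured Userinfo Endpoint URL before calling it, and keep the token-endpoint request on whichever of `client_auth_basic` or `client_auth_post` the provider accepts; which one Cognito requires is the open question the first comment above raises, and the plugin's own behaviour is not changed by this example.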