Question
I am trying to create an Android project where I authorize a user by having him log into Amazon Cognito in a browser, which should then redirect back to my app. Unfortunately, when the browser opens, instead of reaching the proper sign-in page, I keep getting this error:
In my AuthenticatorActivity.java:
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_authenticator);
        Uri authzUrl = Uri.parse("https://<myDomain>.auth.us-west-2.amazoncognito.com/login?response_type=token&client_id=<myClientId>&redirect_uri=myapp://mainAct");
        Intent launchBrowser = new Intent(Intent.ACTION_VIEW, authzUrl);
        startActivity(launchBrowser);
    }
In AndroidManifest:
    <activity android:name=".MainActivity">
        <intent-filter>
            <action android:name="android.intent.action.VIEW" />
            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />
            <data android:host="mainAct" android:scheme="myapp"></data>
        </intent-filter>
    </activity>
I can't figure out what I am doing wrong here. Am I missing a step?
Answer 1:
OK, I'm leaving a tidbit here for whoever might find it next. I hit this exact same issue, but as a newbie to Cognito and IdP/SSO I had no idea how to fix it. Here is what I did to eventually fix it. We were integrating with an external service, and we were getting this error. Under Chrome Developer Tools -> Network, I started to record the URLs visited, then I tried the SSO integration again. There was a URL that showed up in the list which visited Cognito with a redirect to URL. That URL must be the same URL as listed under the Callback URL for Cognito.
Hopefully, this saves someone some time in the future.
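An added example, not part of the original answers: a small Node.js check that takes a login URL captured from the browser's Network tab, reads its redirect_uri, and compares it to the callback URLs registered for the app client. The domain, client id and callback list are constructed placeholders, and exact string matching is assumed, following the "must be the same URL" advice above.

```javascript
// Added example: explain why a captured Cognito login URL yields redirect_mismatch.
// The domain, client id and callback list are constructed placeholders.

// Read redirect_uri from a captured /login URL (percent-decoding is handled by URL).
function extractRedirectUri(capturedUrl) {
  return new URL(capturedUrl).searchParams.get('redirect_uri');
}

const stripSlash = (s) => s.replace(/\/+$/, '');
const stripScheme = (s) => s.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '');

// Assumption: the app client accepts a redirect_uri only when it is string-identical
// to a registered callback URL. Near misses get a hint naming the difference.
function diagnoseRedirect(capturedUrl, registeredCallbacks) {
  const requested = extractRedirectUri(capturedUrl);
  if (!requested) {
    return { ok: false, requested, hint: 'redirect_uri parameter is missing' };
  }
  if (registeredCallbacks.includes(requested)) {
    return { ok: true, requested, hint: 'exact match' };
  }
  for (const cb of registeredCallbacks) {
    if (stripSlash(cb) === stripSlash(requested)) {
      return { ok: false, requested, hint: `trailing slash differs from "${cb}"` };
    }
    if (cb.toLowerCase() === requested.toLowerCase()) {
      return { ok: false, requested, hint: `letter case differs from "${cb}"` };
    }
    if (stripScheme(cb) === stripScheme(requested)) {
      return { ok: false, requested, hint: `scheme differs from "${cb}"` };
    }
  }
  return { ok: false, requested, hint: 'no registered callback URL resembles this value' };
}

// Constructed sample: the app sends "mainact" but "mainAct" is registered.
const registered = ['myapp://mainAct', 'https://www.example.com/callback'];
const captured =
  'https://example-domain.auth.us-west-2.amazoncognito.com/login' +
  '?response_type=token&client_id=EXAMPLE_CLIENT_ID&redirect_uri=myapp%3A%2F%2Fmainact';
console.log(diagnoseRedirect(captured, registered));
```
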
Answer 2:
Do check your callback URL and sign-out URL. The correct format is:
app_client_name:https://www.myapp.com/
Answer 3:
In my case the error was due to CloudFront serving the old files.
To solve it, you can invalidate CloudFront files via the AWS console.
P.S. You can use /* to invalidate all of the files.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html
Answer 4:
Assuming your website is behind an application load balancer (ALB), and you have a listener rule that uses a Cognito user pool and Path is * in the IF rule statement, you should configure your OAuth client app callback URL like:
https://<your-ALB-DNS>/oauth2/idpresponse
This made it work for me at least, with no other fancy config.
Keep in mind though that this will just provide a layer on top of whatever you have behind the ALB. If you have some additional authentication method in it, you have to configure that as well.
Answer 5:
I solved this by remembering to include http:// in the callbackUrl on the frontend.
    const redirect_url = `${window.location.origin}`;
It probably won't be a common reason, but it was why mine broke.
Answer 6:
I am using Amplify with Cognito and encountered this error. Fixed by the following: in aws-export.ts, there is a redirectSignIn URL; it must be the exact same URL as in Cognito / App integration / App client settings / Callback URL.
Source: https://stackoverflow.com/questions/50936774/amazon-cognito-how-to-stop-getting-redirect-mismatch-error-when-redirecting-f