Hello,
In the Management Console, when you try to add a federated identity provider for a user pool in Cognito, there is an option to manually set endpoints like the Issuer URL, UserInfo endpoint URL, etc.
When trying to do the same via awscli, CloudFormation, Terraform, etc., there are two problems:
- There is no option to set the UserInfo endpoint, and if I try to add it in the provider_details parameter, the command is rejected:
InvalidParameterException: userinfo_url is not a valid key for oidc identity provider details.
- All the manual endpoint URLs are used "if Amazon Cognito didn't discover them at the oidc_issuer URL", but if the oidc_issuer URL is not a metadata document, the command is again rejected:
InvalidParameterException: Unable to contact well-known endpoint
My use case is trying to set up the LinkedIn OIDC provider. Their metadata document URL is:
https://www.linkedin.com/oauth/.well-known/openid-configuration
But actually the "Issuer" field in it is slightly different:
https://www.linkedin.com/
If I manually set all the endpoints through the Management Console, the integration works, but I want a way to do this from an Infrastructure as Code point of view.
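The issuer/metadata mismatch the post describes is exactly the thing OpenID Connect Discovery makes relying parties check: the metadata URL is derived from the issuer by appending /.well-known/openid-configuration, and the "issuer" field inside the document must be identical to the configured issuer. The script below is an added example, not code from the post or from AWS. It runs offline against a constructed sample document that reuses the two URLs quoted above (the endpoint values in it are placeholders), reports why issuer-driven discovery would not line up for each candidate issuer, and then assembles a provider_details mapping. The provider_details key names (oidc_issuer, authorize_url, token_url, attributes_url, jwks_uri, authorize_scopes, client_id, client_secret, attributes_request_method) are an assumption taken from the CreateIdentityProvider API's documented OIDC keys; the post only mentions oidc_issuer and the rejected userinfo_url.

```python
"""
Check an OIDC provider's discovery document against the issuer value a
relying party is configured with, and assemble a provider_details mapping
for Cognito's CreateIdentityProvider call. Runs offline; no network access.
"""
import json

WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"

# Constructed sample document. The metadata URL and the "issuer" value are the
# two URLs quoted in the post; the endpoint values are placeholders, not copied
# from LinkedIn's real document.
SAMPLE_METADATA_URL = "https://www.linkedin.com/oauth/.well-known/openid-configuration"
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://www.linkedin.com/",
  "authorization_endpoint": "https://www.linkedin.com/oauth/PLACEHOLDER/authorize",
  "token_endpoint": "https://www.linkedin.com/oauth/PLACEHOLDER/token",
  "userinfo_endpoint": "https://www.linkedin.com/oauth/PLACEHOLDER/userinfo",
  "jwks_uri": "https://www.linkedin.com/oauth/PLACEHOLDER/jwks"
}""")

REQUIRED_FIELDS = ("authorization_endpoint", "token_endpoint",
                   "userinfo_endpoint", "jwks_uri")


def discovery_url(issuer: str) -> str:
    """OpenID Connect Discovery 1.0 section 4.1: a relying party that only knows
    the issuer fetches metadata from issuer + '/.well-known/openid-configuration'.
    A trailing slash on the issuer is dropped first so the path has no '//'."""
    return issuer.rstrip("/") + WELL_KNOWN_SUFFIX


def issuer_matches(configured_issuer: str, metadata: dict) -> bool:
    """Discovery 1.0 section 4.3: the document's 'issuer' must be identical to
    the issuer the relying party used. Exact string comparison, so
    'https://x/' and 'https://x' do not match."""
    return metadata.get("issuer") == configured_issuer


def diagnose(configured_issuer: str, actual_metadata_url: str, metadata: dict) -> list:
    """Return the reasons issuer-driven discovery is inconsistent for this
    provider. An empty list means the configured issuer, the place the
    document is actually served from, and the document's own issuer claim
    all agree."""
    findings = []
    derived = discovery_url(configured_issuer)
    if derived != actual_metadata_url:
        findings.append(
            f"metadata derived from the issuer would be fetched at {derived}, "
            f"but the document is served at {actual_metadata_url}")
    if not issuer_matches(configured_issuer, metadata):
        findings.append(
            f"document issuer {metadata.get('issuer')!r} does not equal "
            f"configured issuer {configured_issuer!r}")
    return findings


def build_provider_details(client_id: str, client_secret: str, issuer: str,
                           metadata: dict, scopes: str = "openid profile email") -> dict:
    """Assemble provider_details for a ProviderType=OIDC identity provider.
    ASSUMPTION: the key names follow the CreateIdentityProvider API docs; in
    that scheme the userinfo endpoint is carried under 'attributes_url' and
    there is no 'userinfo_url' key (the post reports that key is rejected)."""
    missing = [f for f in REQUIRED_FIELDS if f not in metadata]
    if missing:
        raise ValueError(f"discovery document lacks {missing}")
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "attributes_request_method": "GET",
        "oidc_issuer": issuer,
        "authorize_scopes": scopes,
        "authorize_url": metadata["authorization_endpoint"],
        "token_url": metadata["token_endpoint"],
        "attributes_url": metadata["userinfo_endpoint"],
        "jwks_uri": metadata["jwks_uri"],
    }


if __name__ == "__main__":
    # Both candidate issuers trip one of the two discovery checks.
    for issuer in ("https://www.linkedin.com/", "https://www.linkedin.com/oauth"):
        problems = diagnose(issuer, SAMPLE_METADATA_URL, SAMPLE_METADATA)
        print(issuer, "->", problems or "consistent")
    details = build_provider_details("CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER",
                                     SAMPLE_METADATA["issuer"], SAMPLE_METADATA)
    print(json.dumps(details, indent=2))
```

Run as a script it prints one finding per candidate issuer: the document's own issuer value ("https://www.linkedin.com/") derives a well-known URL that is not where the document lives, while the prefix of the real metadata URL ("https://www.linkedin.com/oauth") fetches the document but fails the issuer comparison. That is why a provider whose metadata is consistent passes both checks with no manual endpoints, and why one like this needs the endpoints supplied explicitly.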