Cognito AUTHORIZATION endpoint - Error handling


We're using the Cognito Authentication server to log in users via SAML and OIDC from a custom frontend UI. The AUTHORIZATION endpoint URL (i.e. is being constructed in a client-side JS app and the user is being redirected using JS (i.e. window.location). Note: We're using the Amplify-JS Auth module to do this.

I'm struggling with error handling...

The documentation outlines error responses here

One error case from Docs:

If client_id and redirect_uri are valid, but the request parameters have other problems (for example, if response_type is not included; if code_challenge is supplied but code_challenge_method is not supplied; or if code_challenge_method is not 'S256'), the authentication server redirects the error to client's redirect_uri.

HTTP 1.1 302 Found
Location: https://client_redirect_uri?error=invalid_request

In this case, we removed the response_type parameter, but the user was redirected to the hosted UI:

HTTP 1.1 302 Found Location:

We've tried a few other error cases, i.e. providing an unknown identity_provider, and the same happens... the user is redirected to the hosted UI.

Is this a known issue? Should the AUTHORIZATION endpoint be working as the docs describe?

Asked 2 years ago 1091 views
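A client-side pre-flight check for the request problems listed in the documentation quote above, plus a handler for the documented `?error=` redirect. This is an added example, not part of the original post and not Amplify-JS or Cognito code. The domain, client ID and redirect URI are constructed placeholders, the function names are hypothetical, and `error_description` is the optional OAuth 2.0 field, assumed here rather than taken from the post.

```javascript
// Return the request problems that the quoted documentation lists,
// so they are caught in the app before the browser is redirected.
function checkAuthorizeParams(p) {
  const problems = [];
  if (!p.client_id) problems.push("client_id missing");
  if (!p.redirect_uri) problems.push("redirect_uri missing");
  if (!p.response_type) problems.push("response_type missing");
  if (p.code_challenge && !p.code_challenge_method) {
    problems.push("code_challenge without code_challenge_method");
  }
  if (p.code_challenge_method && p.code_challenge_method !== "S256") {
    problems.push("code_challenge_method is not S256");
  }
  return problems;
}

// Build the /oauth2/authorize URL only when the pre-flight check passes.
// `domain` is the user pool domain (placeholder value in the usage below).
function buildAuthorizeUrl(domain, params) {
  const problems = checkAuthorizeParams(params);
  if (problems.length) {
    throw new Error("invalid authorize request: " + problems.join("; "));
  }
  const url = new URL("/oauth2/authorize", "https://" + domain);
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return url.toString();
}

// On the redirect_uri page: tell an error redirect from a code redirect.
// Handles the authorization code flow only (query string, not fragment).
function parseCallback(href) {
  const q = new URL(href).searchParams;
  if (q.has("error")) {
    return { ok: false, error: q.get("error"), description: q.get("error_description") };
  }
  if (q.has("code")) return { ok: true, code: q.get("code") };
  // Neither parameter present: "no_code_or_error" is a local label, not a Cognito value.
  return { ok: false, error: "no_code_or_error", description: null };
}

// Usage with constructed values:
// window.location.assign(buildAuthorizeUrl("auth.example.com", {
//   client_id: "example-client-id", redirect_uri: "https://app.example.com/cb",
//   response_type: "code" }));
```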
2 Answers


If you have provided a valid client_id and redirect_uri, then the behavior should be as documented. If this is not the case, then please open a support case and we will investigate the behavior further based on the setup you have in your account.

Answered 2 years ago

Thanks Mahmoud. Yes, I can confirm we are providing a client_id and corresponding redirect_uri as is configured on our app client.

I'm trying to raise a ticket in the AWS Support Center - is that the right place? It doesn't look like it's possible on the account I'm using - "Technical support is unavailable under Basic Support Plan". Thanks

Answered 2 years ago


