Bug: AWS Cognito issuer mismatch when using "common" endpoint for Microsoft OIDC


This issue has been mentioned by others over the past years, but there is still no fix available.

To support both personal and Microsoft accounts signing up / signing in with Cognito using Microsoft as the IdP, the docs tell you to use the “common” endpoint.

However, a bad issuer mismatch error is returned when users try to sign up / log in using a Microsoft account. https://github.com/MicrosoftDocs/azure-docs/issues/38427

Other parties such as Firebase, Okta, etc. have implemented a fix because Microsoft will not comply with OIDC in the near future.

Can the Cognito team implement a fix so we can support Microsoft personal and work accounts using the “common” endpoint? I'm considering moving my authentication to Firebase because they support it out of the box.

I also created this issue on GitHub, but it seems it's not on the radar of being fixed any time soon. https://github.com/aws-samples/amazon-cognito-example-for-external-idp/issues/98

Please do not reply with answers mentioning to use a specific tenant ID because that does not solve the problem, it only allows people to sign in using that Tenant ID. A solution would be how we can support both Work and Personal accounts from Microsoft using the "Common" endpoint or maybe a different endpoint.

Mike
Asked 2 years ago · Viewed 95 times
No answers
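The mismatch described in the question, as an added example that is not part of the original post and not Cognito's or Microsoft's code: the "common" discovery document publishes its issuer as a `{tenantid}` template, so an exact comparison with a token's `iss` claim fails, while a relying party can fill the placeholder from the `tid` claim and still compare exactly. The function names and tenant GUIDs are constructed for illustration.

```python
import re

# Issuer value in the "common" endpoint's OIDC discovery document: a template,
# not a literal issuer URL.
COMMON_ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tenantid}/v2.0"
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

# Constructed claim sets, standing in for ID tokens whose signature was
# already verified.
WORK_TENANT = "11111111-2222-3333-4444-555555555555"   # constructed GUID
OTHER_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed GUID
WORK_CLAIMS = {"iss": f"https://login.microsoftonline.com/{WORK_TENANT}/v2.0",
               "tid": WORK_TENANT}
MIXED_CLAIMS = {"iss": f"https://login.microsoftonline.com/{OTHER_TENANT}/v2.0",
                "tid": WORK_TENANT}  # iss and tid disagree


def strict_issuer_check(metadata_issuer, claims):
    """Exact match between the metadata issuer and the token's iss claim."""
    return claims.get("iss") == metadata_issuer


def templated_issuer_check(metadata_issuer, claims, allowed_tenants=None):
    """Fill the {tenantid} placeholder from the tid claim, then compare exactly.

    Call only after the token signature has been verified; tid is untrusted
    input until then.
    """
    tid = str(claims.get("tid", "")).lower()
    if not GUID_RE.fullmatch(tid):
        return False  # missing or malformed tenant id
    if allowed_tenants is not None and tid not in allowed_tenants:
        return False  # optional tenant allow-list
    return claims.get("iss") == metadata_issuer.replace("{tenantid}", tid)


if __name__ == "__main__":
    print("strict:   ", strict_issuer_check(COMMON_ISSUER_TEMPLATE, WORK_CLAIMS))
    print("templated:", templated_issuer_check(COMMON_ISSUER_TEMPLATE, WORK_CLAIMS))
    print("mixed:    ", templated_issuer_check(COMMON_ISSUER_TEMPLATE, MIXED_CLAIMS))
```
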