amplify-js: Cognito hosted UI federatedSignIn not working with react native:- "Error in cognito hosted auth response Error: invalid_request"

As in the docs I used oauth configs to login using fb | google with config like in below template.

const config = {
  Auth: {
    identityPoolId: process.env.REACT_APP_IDENTITY_POOL_ID,
    region: process.env.REACT_APP_REGION,
    userPoolId: process.env.REACT_APP_USER_POOL_ID,
    userPoolWebClientId: process.env.REACT_APP_USER_POOL_WEB_CLIENT_ID,
    oauth : {
      domain : 'your-domain-prefix.auth.us-east-1.amazoncognito.com', 
      scope : ['phone', 'email', 'profile', 'openid','aws.cognito.signin.user.admin'], 
      redirectSignIn : 'http://localhost:3000/auth/', 
      redirectSignOut : 'http://localhost:3000/signout/', 
      responseType: 'code'
    }
  }
}

Configured with Amplify.configure(config) when the app starts.

Added

 Hub.listen("auth", ({ payload: { event, data } }) => {
      switch (event) {
        case "signIn":
          console.log('signed in data: ', data)
          break;
        case "signOut":
          this.setState({ user: null });
          break;
      }
    });

in the componentDidMount() and used Auth.federatedSignIn({ provider: 'Facebook' }) and Auth.federatedSignIn({ provider: 'Google' }) to signIn.

“react”: “^16.5.2”, “aws-amplify”: “^1.1.28”, “aws-amplify-react”: “^2.3.8”

Works 100% on React web app (both Fb and Google logins)

But, when I try this with react-native app with following changes,

      redirectSignIn : 'app://myapp/auth/', 
      redirectSignOut : 'app://myapp/signout/',

below happens,

open browser, get permissions from user and redirect to cognito domain endpoint aouth2/authorize
return to app with ‘code’
then, frontend amplify tries to retrieve tokens from token endpoint using that ‘code’

But, it fails with AuthClass - Error in cognito hosted auth response Error: invalid_request

"react": "16.4.1",
"react-native": "0.56.0",
 "aws-amplify": "^1.1.28",
"aws-amplify-react-native": "2.1.12",

NOTE: redirect uri in aws cognito console was set matching to the frontend

then I tried with following library variations

"aws-amplify": "1.2.29-unstable.0", "aws-amplify": "1.2.29-unstable.1", "aws-amplify": "1.2.29-unstable.2"
"@aws-amplify/auth": "1.2.25-unstable.2"
"aws-amplify-react-native": "2.1.13-unstable.2"

But same issue. Among hundred of tries, it worked once! received all 3 tokens (access, id, refresh) But, right after it, with the same configurations, it again began to fail with same invalid_request error.

NOTE: tried with brand new fb, google accounts

Can someone help me with this please?

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 17
Comments: 36

Commits related to this issue

fix(@aws-amplify/auth, aws-amplify-react-native): Fix OAuth flow in react native Fixes #3399 Closes #3576 Fixes #3247 Fixes #3592 Fixes #3210 — committed to manueliglesias/aws-amplify by manueliglesias 5 years ago
fix(@aws-amplify/auth, aws-amplify-react-native): Fix OAuth flow in react native Fixes #3399 Closes #3576 Fixes #3247 Fixes #3592 Fixes #3210 — committed to manueliglesias/aws-amplify by manueliglesias 5 years ago
fix(@aws-amplify/auth, aws-amplify-react-native): Fix OAuth flow in react native (#3633) Fixes #3399 Closes #3576 Fixes #3247 Fixes #3592 Fixes #3210 — committed to aws-amplify/amplify-js by manueliglesias 5 years ago
chore:release (#3684) * fix: allow SSE to be passed in global configure of storage * fix: allow SSE to be passed in global configure of storage * update messaging * update messaging * Adj... — committed to aws-amplify/amplify-js by haverchuck 5 years ago
chore:release (#3684) * fix: allow SSE to be passed in global configure of storage * fix: allow SSE to be passed in global configure of storage * update messaging * update messaging * Adj... — committed to computationalcore/amplify-js by haverchuck 5 years ago
chore:release (#3684) * fix: allow SSE to be passed in global configure of storage * fix: allow SSE to be passed in global configure of storage * update messaging * update messaging * Adj... — committed to epidemicsound/amplify-js by haverchuck 5 years ago
chore:release (#3684) * fix: allow SSE to be passed in global configure of storage * fix: allow SSE to be passed in global configure of storage * update messaging * update messaging * Adj... — committed to CongNguyen086/amplify-js by haverchuck 5 years ago

Most upvoted comments

I am also getting the same issue even successful login using google federation. OAuth - Error handling auth response., [Error: invalid_grant]

“aws-amplify”: “^1.2.2”, “aws-amplify-react”: “^2.5.2”, “aws-amplify-react-native”: “^2.2.2”,

+10

ni3galave on Oct 22, 2019

I am still getting this error in Angular JS with the latest amplify (I got this in v2 also). Screen Shot 2020-07-05 at 4 18 05 am

However, this only happen in the first attempt. The failing network request has the following params;

grant_type: authorization_code
code: <CODE>
client_id: <CODE>
redirect_uri: https://www.vinyl.lk/

The successful token request has;

grant_type: authorization_code
code: <CODE>
client_id: <CODE>
redirect_uri: https://www.vinyl.lk/
code_verifier:  <CODE>

Anyone having the same problem?

anuradhawick on Jul 4, 2020

I submitted a PR #3576, lets see what the maintainers say.

jenshandersson on Jul 2, 2019

I have the same error. Before everything was worked fine.

lenarmazitov on Jun 5, 2019

I have same issue with responseType: 'code'. But it can work with responseType: 'token'. I have question, since there is no refresh token so we need to execute Auth.federatedSignIn() when the access token is expired, right ?

Davis10733 on Jun 14, 2019

I checked one more thing: when responseType: 'token' and you will check Implicit grant in options it works fine but the docs says that there is no auto refreshing of token this way -> temporary solution for developing

woles on Jun 11, 2019

I’m also experiencing the same issue @anuradhawick. in my react project. For some reason, the call to get /token is executed twice. even though I have Amplify.configure(awsExports); set up once in the entire app. I’m using the latest version of amplify "aws-amplify": "^3.0.20",

With a custom auth UI

There’s a lot of similar issue floating around #3642 #3185 (comment) #6041 #5829 #6172

Any chance you resolved the issue?

Add my issue to that list:

7364

davegravy on Dec 25, 2020

I upgraded @aws-amplify/auth from 3.2.3 to 3.3.1 and now I’m getting this error.

EDIT: after I upgraded, I got an error that said “scope must be a String Array”. I’m loading the scope from a .env file, so I just call .split(' ') on the string. That worked, but now I get the invalid_scope error.

EDIT 2: I removed the call to split and changed scope to scopes (plural) and now everything works on the latest version.

JacksonGariety on Jul 15, 2020

@iamdavidmartin Never mind, I just upgraded my aws-amplify library to 1.1.31-unstable.5 version after @manueliglesias fix and it is now working for me

Thanks @manueliglesias

dineshmatta on Jul 13, 2019

@iamdavidmartin I am still getting the error with 1.1.30 version of aws-amplify library

[Unhandled promise rejection: Error: invalid_request]

node_modules/@aws-amplify/auth/lib/OAuth/OAuth.js:143:44 in <unknown>
node_modules/@aws-amplify/auth/lib/OAuth/OAuth.js:52:27 in step
… 11 more stack frames from framework internals

dineshmatta on Jul 10, 2019

@ltankey When the user logs in initially, everything works fine. On subsequent app reloads I have the same problem as you do: signIn_failure and cognitoHostedUI_failure. However, the user is still authenticated.

Like you said, really strange. At this time, I’m moving on with other development and I’ll come back to this in a while hoping that there’s been some resolution.

iamdavidmartin on Jul 3, 2019

Same here. Using this config file :

const awsmobile ={
  "aws_appsync_region": "ap-southeast-2",
  Auth: {
    identityPoolId: "...",
    region: "...",
    userPoolId: "...",
    userPoolWebClientId: "...",
  },
  oauth : {
    domain : '...',
    scope : [ 'aws.cognito.signin.user.admin'],
    redirectSignIn : 'myapp://signin',
    redirectSignOut : 'myapp://signout',
    responseType: 'code'
  }
};

export default awsmobile;

When I use Auth.federatedSignIn({provider: 'Google'}); and enabling DEBUG log level I get these errors :

'[DEBUG] 10:21.378 OAuth - Calling token endpoint:
 https://magnyv5-domain.auth.ap-southeast-2.amazoncognito.com/oauth2/token with', { grant_type: 'authorization_code',
   code: 'a17c40d4-1a3f-47f4-b67c-7915d649101b',
   client_id: '.....',
   redirect_uri: 'myapp://signin',
   code_verifier: 'RDoPZ0ZfThCD8HJGMHn2RbwiLpERnnARSXHIwDAT7L2laDls09G6R1bpTNGuNn3KgRPolty2tMCXKBbiypb2FriyVmZbhtzqdnlAmo8TQsF6mneV5obZjwRCpeB49Ay6' }
 '[DEBUG] 10:22.190 AuthClass - Error in cognito hosted auth response', { [Error: invalid_request]
   line: 175806,
   column: 32,
   sourceURL: 'http://localhost:8081/index.delta?platform=android&dev=true&minify=false' }
 '[DEBUG] 10:22.331 Hub - Dispatching to auth with ', { event: 'signIn_failure',
   data:
    { [Error: invalid_request]
      line: 175806,
      column: 32,
      sourceURL: 'http://localhost:8081/index.delta?platform=android&dev=true&minify=false' },
   message: 'The OAuth response flow failed' }
 '[DEBUG] 10:22.335 Analytics - on hub capsule auth', { event: 'signIn_failure',
   data:
    { [Error: invalid_request]
      line: 175806,
      column: 32,
      sourceURL: 'http://localhost:8081/index.delta?platform=android&dev=true&minify=false' },
   message: 'The OAuth response flow failed' }

If I take the params from the above log and use them in postman, It just works fine and return accessToken,refreshToken . So it seems an amplify problem and not hosted ui.

uchar on Jun 25, 2019

UPDATE

Works when you disable ‘remote debugger’! Somehow it interfere the Hub module’s listening to events.

@jordanranz @powerful23 do you have any explanation for this?

Confirm with react-native up to 0.58.*

But have to notice that for react-native >= 0.59.0 “Error: invalid_request” happens all time. !

lenarmazitov on Jun 6, 2019