Amazon Cognito Domain and CORS
Question
I am using Amazon Cognito as an OAuth provider. The endpoint for getting the authorization code from cognito is https://AUTH-DOMAIN.auth.us-east-1.amazoncognito.com .
My website is hosted on S3 ( https://example.s3.amazonaws.com ) and requests the above cognito domain, the cognito endpoint does not return the CORS header ( Access-Control-Allow-Origin: * ) in the response. Thus, I'm getting an error.
I don't see an option to enable cors in the cognito user pool. I see an unanswered question in the AWS forum - https://forums.aws.amazon.com/thread.jspa?messageID=924297
Can someone help me with this issue?
1 answers
solution1
0 ACCPTED 2020-04-14 14:21:00
Found that AWS Cognito presently(Apr 2020) does not support CORS on the domain name. Although, there is probably something not right with the architecture that requires CORS from that domain.
The primary flows relating to Cognito Auth get are redirected to the redirect_url URLs upon success, the flow which requires CORS is usually requesting from a response on success from the server rather than a redirect.
Calling the raw Cognito API URL might be the issue, using the web sdk is the solution which does the heavy lifting for us and puts us into the expected redirect flow.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.