So I’m currently trying to add Twitter as a login provider in an AWS user pool using OpenID (OAuth2),
but I seem to encounter a couple of problems:
- Cognito wants us to add openid as a scope, and the Twitter app fails when it’s added as a scope
- Cognito seems to construct the authorization URL without the percent encoding
- Twitter seems to return a 400 error when the redirect URI is requested
- Cognito doesn’t seem to add the code_challenge parameter to the URL either
https://twitter.com/i/oauth2/authorize?client_id=REJhXzduLW5PYVBHYUhZRmNFNEE6MTpjaQ&redirect_uri=https%3A%2F%2Ftwitter-oauth2.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=users.read+offline.access+openid&response_type=code&state=H4sIAAAAAAAAAJVSy3LaQBD8F50NSAIpwI2gAAIjwIANpFKp9WosrdiH2AdgUvn3rCCkfPAll62d7p6Zrpn55RgFci4EjVOna4MaIKVr3k_RG6hnlrmB8-CUUhxJCjJBDKxodSJag7QEpgS4vma2Djot2x5WftsABC33EJZuKWSwtzoJKZGA9fopttJc61J1Gw19q1MTyOjcr1dv_Z-BOmLoIjgWGSda1LFgjZuuQdJSgioFV3Atffuu3svKGxYpfHD8F53FUd-iCosSlNP97gBDhFrExpykzg_LaaStlBtKH65V-jmiFHj2OTgFnYv0TnFrtOozZhNvuGl-DaMMDxZ0m7i7cErcwdN0xbfDTqy2zQLvFoW3Hyf7STRmGxLIETnvovJ4LsIXPO8bv4j2rR2T30bTydiY9_h4BnM4LWbT_HnS_jLkGy8KTFLQPKkhvlS9GF6HbyPWXg9eyLp43PjLmTFAz5NsXouHrCjEtn1JkiYEl44edcYuukSLUzUOkEeQI6H0XEht7f_nQqoDkIA0EXxFGCwBC57a8Xph0Gx6YeiHVQ-lLH8fVHVsPa0leTW62sQNvc5-IOQj4XvCs-U95w1RBb__ANi6uN-jAgAA.H4sIAAAAAAAAAFujIWS2fq2e5m5TDc1pc6O7N2naX013t5m7eI6avfFB3VcAgmE6uiAAAAA.4
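As an added illustration (not code from the thread or from Cognito), this builds the kind of Twitter OAuth 2.0 authorization request the post describes, with explicit percent-encoding and a PKCE code_challenge (RFC 7636, S256), plus a state check on the callback. The endpoint, redirect URI and scopes are taken from the URL in the post; the client_id is a placeholder.

```python
# Added example (not from the thread): Twitter OAuth 2.0 authorization request
# with PKCE (RFC 7636), covering the points raised above: explicit percent-
# encoding, a code_challenge, and a scope list without "openid".
import base64
import hashlib
import secrets
from urllib.parse import urlencode, quote, urlsplit, parse_qs

# Endpoint, redirect URI and scopes are taken from the URL posted in the thread.
AUTHORIZE_ENDPOINT = "https://twitter.com/i/oauth2/authorize"
REDIRECT_URI = "https://twitter-oauth2.auth.us-east-1.amazoncognito.com/oauth2/idpresponse"
SCOPES = ["users.read", "offline.access"]  # no "openid" scope


def pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for the S256 method.
    RFC 7636: verifier is 43-128 unreserved chars; challenge is
    BASE64URL(SHA256(verifier)) with '=' padding stripped."""
    if verifier is None:
        verifier = secrets.token_urlsafe(64)  # 86 chars, within 43-128
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(client_id, state, code_challenge,
                        redirect_uri=REDIRECT_URI, scopes=SCOPES):
    """Percent-encode every parameter explicitly: spaces in scope become %20
    (not '+') and ':' and '/' in the redirect URI are escaped."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def check_callback(callback_url, expected_state):
    """Validate the redirect back: the state must match what we sent (CSRF
    guard) and a code must be present. Returns the code, or None on mismatch."""
    qs = parse_qs(urlsplit(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        return None
    return qs.get("code", [None])[0]
```

The code_verifier must be kept server-side and sent with the later token request; only the derived code_challenge goes in the authorization URL.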
Thanks for reaching out. We don’t have OpenID support quite yet, but this is something we are looking to provide in the future.
Thank you Jessica for the fast reply.
So there’s currently no way to authenticate a user using Twitter on AWS Cognito? I can’t seem to find any proper documentation on the subject whatsoever, neither on Twitter nor on AWS. Is it doable?
I think not quite yet but we are moving in that direction.
I have a demo of making the GitHub Auth API conform to the Cognito OIDC API here: zinc/cognito-github.md at main · shorn/zinc · GitHub
It’s based off this repo here: GitHub - TimothyJones/github-cognito-openid-wrapper: Small shim that allows AWS Cognito to talk to github (by providing an OpenID wrapper around the Github API)
You might be able to use the same approach to make the Twitter auth API conform to the Cognito OIDC requirements.
I am currently working on implementing “direct” Twitter Auth into the Zinc repo; after that I will likely have a go at writing another Lambda to act as a Twitter-Cognito OIDC shim.
I think not quite yet but we are moving in that direction.
Is there any publicly available roadmap or commitment to that? (i.e. something I can track?)
And how long will Twitter support the old style of authentication (I would assume for a long time)?
I’m in the middle of implementing authentication of the old style myself, and it’s pretty annoying (I know there are reasons why it is the way it is, but that doesn’t change the fact that it’s an annoying, unnecessary maintenance burden).
If something more usable (i.e. OIDC support) is coming down the pipe, it probably makes sense for me to put the current implementation on hold and just wait for the new one.
Thanks, @shorn_acc2! We have discussed adding OIDC support to our public roadmap, but I’m not sure where that landed, so I’ll follow up with the team. At this point, I don’t have an ETA or a timeline yet. I’m sure the old style of authentication would still work or be around for a while before any sort of deprecation. You can stay informed on product updates/changes.
@shorn_acc2 I talked to the team and learned that OIDC is tracked on this item on the roadmap. Sorry for any confusion there.