Hello @Pascal Liu , thank you for reaching out. Based on the details shared above, I did check the backend logs using the correlationID and timestamp and I did see a mismatch in the Redirect_URIs, the one sent in the request and the ones configured in your app registration.
From the backend logs what I found is:
- AppID: 75b18685-d413-4ff5-8f5d-2241da947552
- App DisplayName: AWS Cognito SSO App
- Redirect_URI in request: https://cyconia.auth.eu-west-3.amazoncognito.com/oauth2/idpresponse
Redirect_URIs configured in App Registration in AAD:
- ReplyAddressValue:https://www.pldev.fr/auth
- ReplyAddressValue:https://www.pldev.fr/auth/oidc
- ReplyAddressValue:https://www.pldev.fr
- ReplyAddressValue:https://cyconia.auth.eu-west-3.amazoncognito.com/login
- ReplyAddressValue:https://cyconia.auth.eu-west-3.amazoncognito.com
The following redirect_URI present in the request, i.e.
https://cyconia.auth.eu-west-3.amazoncognito.com/oauth2/idpresponse
is nowhere available in the list of the reply_urls configured in the App Registration.
To fix this issue, either you update the request with the right redirect_url or you add the redirect_url present in your current request into the reply_url section of your app registration. The bottom line is the reply_url/redirect URI being sent in the request should always match with the redirect_url/reply_url configured in the app registration in AAD.
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.
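
The comparison described in the answer above can be reproduced locally before changing the app registration. This is an added example, not part of the original answer or any Microsoft tooling: the function names and the sample authorize URL (including the `common` tenant) are constructed for illustration, and it assumes the match is an exact string comparison.

```python
from urllib.parse import urlsplit, parse_qs

# Reply URLs listed in the answer above for the app registration.
REGISTERED = [
    "https://www.pldev.fr/auth",
    "https://www.pldev.fr/auth/oidc",
    "https://www.pldev.fr",
    "https://cyconia.auth.eu-west-3.amazoncognito.com/login",
    "https://cyconia.auth.eu-west-3.amazoncognito.com",
]

# Constructed sample request; only client_id and redirect_uri come from the answer.
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=75b18685-d413-4ff5-8f5d-2241da947552&response_type=code"
    "&redirect_uri=https%3A%2F%2Fcyconia.auth.eu-west-3.amazoncognito.com"
    "%2Foauth2%2Fidpresponse&scope=openid"
)

def requested_redirect_uri(authorize_url):
    """Extract and URL-decode redirect_uri from an authorize request URL."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]

def diagnose(requested, registered):
    """Return (matched, hints). Hints name registered entries that nearly match."""
    if requested in registered:  # assumption: exact, case-sensitive match
        return True, []
    req = urlsplit(requested)
    hints = []
    for entry in registered:
        reg = urlsplit(entry)
        if requested.rstrip("/") == entry.rstrip("/"):
            hints.append(f"{entry}: differs only by trailing slash")
        elif requested.lower() == entry.lower():
            hints.append(f"{entry}: differs only by letter case")
        elif (req.scheme, req.netloc) == (reg.scheme, reg.netloc):
            req_path, reg_path = req.path or "/", reg.path or "/"
            hints.append(f"{entry}: same origin, path {reg_path} vs {req_path}")
    return False, hints

if __name__ == "__main__":
    uri = requested_redirect_uri(SAMPLE_REQUEST)
    matched, hints = diagnose(uri, REGISTERED)
    print(uri, "matched" if matched else "NOT registered")
    for hint in hints:
        print("  near miss:", hint)
```

Run against the values in the answer, the two Cognito entries show up as same-origin near misses, which is why the request fails even though the host is registered.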