The logins value corresponds to the issuance URL; in the OpenID Connect standard it is allowed to be a URL with path components, so either of those patterns should be valid. Make sure you use one of these patterns when you're defining your provider. Ref: https://docs.aws.amazon.com/cli/latest/reference/iam/create-open-id-connect-provider.html#options
It states:
The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. The URL should not contain a port number.
You cannot register the same provider multiple times in a single Amazon Web Services account. If you try to submit a URL that has already been used for an OpenID Connect provider in the Amazon Web Services account, you will get an error.
Then you can try setting the logins value in your code to one of these patterns, which should now be accepted because it matches the provider name. For example:
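import { fromCognitoIdentityPool } from '@aws-sdk/credential-providers';

// fromCognitoIdentityPool is a factory function, so it is called without `new`.
// REGION and payload.idToken come from the surrounding application code.
const creds = fromCognitoIdentityPool({
  clientConfig: { region: REGION },
  identityPoolId: 'ap-northeast-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
  logins: {
    // The key must match the provider as it was registered
    'https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/': payload.idToken
  }
});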
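A pre-flight check for the rules quoted above, as an added example that is not part of the original answer or of the AWS SDK: it validates a candidate provider URL (https only, no query string, no port) and compares it with the `iss` claim of an ID token. The function names, the constructed unsigned sample token, and the use of an exact string comparison with `iss` are assumptions made for illustration.

```javascript
// Added example. Exact string comparison with iss is an assumption.

// Decode a JWT payload WITHOUT verifying the signature (inspection only).
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Problems with a provider URL under the rules quoted from the AWS reference.
function checkProviderUrl(url) {
  let parsed;
  try { parsed = new URL(url); } catch { return ['not a valid URL']; }
  const problems = [];
  if (parsed.protocol !== 'https:') problems.push('must begin with https://');
  if (url.includes('?')) problems.push('query parameters are not allowed');
  // URL() drops a default port such as :443, so inspect the raw authority too.
  const authority = (/^[a-z]+:\/\/([^\/?#]*)/i.exec(url) || [])[1] || '';
  if (parsed.port !== '' || /:\d+$/.test(authority)) {
    problems.push('should not contain a port number');
  }
  return problems;
}

// Check the provider URL and compare it with the token's iss claim.
function checkAgainstToken(providerUrl, idToken) {
  const problems = checkProviderUrl(providerUrl);
  const { iss } = decodeJwtPayload(idToken);
  if (iss !== providerUrl) {
    problems.push(`iss is "${iss}" but provider URL is "${providerUrl}"`);
  }
  return problems;
}

// Constructed, unsigned sample token (placeholder tenant id from the page).
function makeSampleToken(iss) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc({ iss, sub: 'sample-user' })}.sig`;
}

const ISS = 'https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/';
const token = makeSampleToken(ISS);
console.log(checkAgainstToken(ISS, token));               // matching URL
console.log(checkAgainstToken(ISS.slice(0, -1), token));  // trailing slash dropped
```

Running the same comparison against a real ID token from your provider shows whether the value you registered differs from `iss` by something as small as a trailing slash.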