Describe the bug
We configured a custom domain for the Cognito hosted UI, and when a user tries to log in, it calls both the Cognito domain (ending up with an invalid_grant error) and the custom domain (success response), and sometimes it fails for both of them. When I run "amplify status" it gives Hosted UI endpoints with the Cognito domain. I tried to update the domain name using "amplify update auth" and it doesn't allow me to update the custom domain name. I tried to override the auth configuration in my App.js file with the custom domain, but somehow it still calls both the Cognito domain and the custom domain.
You can turn on the debug mode to provide more info for us by setting window.LOG_LEVEL = 'DEBUG'; in your app.
@venkatesh-kadiyala CLI doesn't have custom domain support as of yet. How did you update your user-pool with your custom domain?
@kaustavghosh06 Updated through console.
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html#cognito-user-pools-add-custom-domain-adding
@venkatesh-kadiyala How have you modified your aws_exports.js file? Could we get a snippet of it which would help us debug this issue better?
@kaustavghosh06
Please see the aws_exports.js file below. Somehow I solved it by removing the Cognito domain directly from the console. This solved my problem, but the Cognito domain is still referenced in aws-exports.js. It doesn't allow me to update it through the Amplify CLI. I did update the callback URLs using amplify update auth.
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.
const awsmobile = {
    "aws_project_region": "us-east-1",
    "aws_cognito_identity_pool_id": "us-east-1:xxxxxxxxxxxx",
    "aws_cognito_region": "us-east-1",
    "aws_user_pools_id": "us-east-1_xxxxxxxxx",
    "aws_user_pools_web_client_id": "xxxxxxxxxxxxxxxx",
    "oauth": {
        "domain": "clips-xxxx-dev.auth.us-east-1.amazoncognito.com",
        "scope": [
            "phone",
            "email",
            "openid",
            "profile",
            "aws.cognito.signin.user.admin"
        ],
        "redirectSignIn": "https://dev.clips.xxxxx.com/",
        "redirectSignOut": "https://auth.dev.clips.xxxxx.com/login?response_type=code&client_id=4lexxxxxxxxxxxxx&redirect_uri=https://dev.clips.xxxxxx.com/",
        "responseType": "code"
    },
    "federationTarget": "COGNITO_USER_POOLS",
    "aws_appsync_graphqlEndpoint": "https://ohpssu4ybjbgtgyxxxxxxxxxxx.appsync-api.us-east-1.amazonaws.com/graphql",
    "aws_appsync_region": "us-east-1",
    "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
    "aws_user_files_s3_bucket": "xxxx-xxxxx-dev",
    "aws_user_files_s3_bucket_region": "us-east-1",
    "aws_mobile_analytics_app_id": "4cxxxxxxxxxx",
    "aws_mobile_analytics_app_region": "us-east-1"
};

export default awsmobile;
Vote +1 for feature implementation
Vote +1, critical feature for any production app, otherwise would be frowned upon by customers if they see Amazon Cognito as domain when clicking Google/Facebook login
+1 am currently facing the same issue - overwriting the domain in aws-exports when running Amplify.configure() on my react-app based on the environment that's deployed
Any update on this one? What is the best work around for this at the moment?
BR,
Kyle
I worked around this by adding something like this:
import { Amplify } from "aws-amplify";
import config from "./aws-exports";

// Update Cognito Settings: replace the generated Cognito domain with the custom one
config.oauth.domain = "staging.auth.xxxxx.app";
Amplify.configure(config);
Is there a way to convince amplify of an updated auth domain? It reverts to my old domain any time I amplify push.
I use @kylekirkby's workaround setting the domain from an environment variable and it's working great.
As @devth said it seems to revert even with amplify pull / push, so the best for now is to override.
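The override described in the comments above, written so that a wrong or missing environment value fails loudly instead of silently sending users to the wrong Hosted UI host. This is an added example, not code from the thread or from Amplify; the hostnames, the allowlist, the helper names and the `REACT_APP_AUTH_DOMAIN` variable are assumptions for illustration.

```javascript
// Added example: hostnames below are constructed placeholders.
const ALLOWED_AUTH_DOMAINS = new Set([
  "auth.dev.example.com",
  "auth.staging.example.com",
]);

// Constructed stand-in for the object exported by the generated aws-exports.js.
const generatedConfig = Object.freeze({
  aws_cognito_region: "us-east-1",
  oauth: Object.freeze({
    domain: "myapp-dev.auth.us-east-1.amazoncognito.com",
    scope: ["email", "openid"],
    redirectSignIn: "https://dev.example.com/",
    redirectSignOut: "https://dev.example.com/",
    responseType: "code",
  }),
});

function normalizeAuthDomain(value) {
  if (typeof value !== "string" || value.trim() === "") {
    throw new Error("auth domain override is missing");
  }
  const host = value.trim().toLowerCase();
  // oauth.domain is a bare hostname in aws-exports.js: no scheme, path, port or userinfo.
  if (!/^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/.test(host)) {
    throw new Error(`auth domain is not a bare hostname: ${value}`);
  }
  if (!ALLOWED_AUTH_DOMAINS.has(host)) {
    throw new Error(`auth domain is not on the allowlist: ${host}`);
  }
  return host;
}

function withAuthDomain(config, domainOverride) {
  // Covers the case where the generated file carries an empty "oauth": {} block.
  if (!config.oauth || !config.oauth.domain) {
    throw new Error("generated config has no oauth block to override");
  }
  // Copy rather than mutate, so the generated object stays as the CLI wrote it.
  return { ...config, oauth: { ...config.oauth, domain: normalizeAuthDomain(domainOverride) } };
}

// In the app: Amplify.configure(withAuthDomain(awsExports, process.env.REACT_APP_AUTH_DOMAIN));
const appConfig = withAuthDomain(generatedConfig, "Auth.Staging.example.com");
console.log(appConfig.oauth.domain);
```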
I ran into this issue by accidentally updating the domain settings in the Cognito UI - unaware it wasn't supported. My aws-exports.js file reverted to this content, and I was unable to continue with development.
{
    ...,
    "oauth": {},
    ...
}
The env override method didn't work for me, but the following did (Note: this method does not support fully custom domains either).
$ amplify update auth
Please note that certain attributes may not be overwritten if you choose to use defaults settings.
You have configured resources that might depend on this Cognito resource. Updating this Cognito resource could have unintended side effects.
Using service: Cognito, provided by: awscloudformation
What do you want to do? Apply default configuration with Social Provider (Federation)
What domain name prefix do you want to use? my-custom-cognito-domain
Enter your redirect signin URI: <redirect uri>
? Do you want to add another redirect signin URI No
Enter your redirect signout URI: <redirect signout uri>
? Do you want to add another redirect signout URI No
...
$ amplify push
You will now get aws-exports oauth settings that look like:
{
    ...,
    "oauth": {
        "domain": "my-custom-cognito-domain-<Amplify ENV>.auth.<Amplify Region>.amazoncognito.com",
        "scope": [
            "phone",
            "email",
            "openid",
            "profile",
            "aws.cognito.signin.user.admin"
        ],
        "redirectSignIn": ...,
        "redirectSignOut": ...,
        "responseType": "code"
    },
    ...
}
This was able to unblock my development, but it's a band-aid solution for sure. Hopefully we can get custom domain support soon.