Secure Kong Developer Portal using OIDC with Cognito

Hello, I’m trying to secure the Developer Portal using OIDC with Cognito.

I have followed the instructions from the official documentation:

I have a User Pool and a User Pool Client set up in Cognito.

Here’s my OIDC plugin configuration:

  "scopes": [
  "logout_methods": [
  "consumer_by": [
  "logout_query_arg": "logout",
  "login_action": "redirect",
  "consumer_claim": [
  "login_redirect_mode": "query",
  "logout_redirect_uri": [
  "leeway": 100,
  "client_id": [
  "login_redirect_uri": [
  "ssl_verify": false,
  "forbidden_redirect_uri": [
  "login_tokens": {},
  "issuer": "https://<COGNITO_IDP_DOMAIN>/.well-known/openid-configuration",
  "redirect_uri": [

Now, with that configuration Kong redirects me to Cognito and when I pass valid credentials, Cognito redirects me back to the redirect_uri with authorization_code:




This is where I’m stuck. Kong isn’t exchanging the authorization_code for a token.

Do you have any idea what I am missing?

Hi @bartek, please take a look at the instructions in the documentation for enabling OIDC for the Dev Portal here: Enable OpenID Connect in the Dev Portal - v2.7.x | Kong Docs. There may be subtle differences from the documentation you referred to, and the best source is the documentation found under the Kong Dev Portal section that I am sharing here.

Hey @theo.yeager Thank you for your response! I tried with the Dev Portal with no luck either.

Actually, I ended up with the very same error returned from Kong. I tried exchanging the authorization_code for the token manually by calling Cognito and it returned the token.

So I guess this is some configuration thing, but I’m not sure what.
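
The manual code-for-token exchange mentioned in the last reply, sketched as an added example that is not part of the thread and is not Kong's or Cognito's own code. It validates the callback and builds (without sending) the POST to the Cognito hosted-domain `/oauth2/token` endpoint. Assumptions: every domain, client value, code and state below is a constructed placeholder, and the function names are hypothetical.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request

# Constructed placeholder values; none come from the thread.
DOMAIN = "example-pool.auth.eu-west-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://portal.example.com/default"
CALLBACK = REDIRECT_URI + "?code=constructed-code-123&state=constructed-state"


def code_from_callback(callback_url, redirect_uri, expected_state):
    """Extract the authorization code from the URL the browser lands on."""
    parsed = urlparse(callback_url)
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError("authorization error: " + query["error"][0])
    # The callback has to land on the registered redirect_uri.
    landed = parsed._replace(query="", fragment="").geturl()
    if landed != redirect_uri:
        raise ValueError("callback does not match redirect_uri: " + landed)
    # state ties the callback to the login this client started (CSRF check).
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(domain, client_id, client_secret, code, redirect_uri):
    """Build (not send) the POST that exchanges the code at /oauth2/token."""
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        # Must be identical to the redirect_uri of the authorization request.
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret:  # app clients with a secret authenticate with HTTP Basic
        pair = f"{client_id}:{client_secret}".encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode("ascii")
    return Request(f"https://{domain}/oauth2/token", data=body,
                   headers=headers, method="POST")
```

Comparing the request built here with what the gateway is configured to send (client authentication, `redirect_uri`, token endpoint host) narrows down which parameter differs between the manual exchange and the plugin's.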
