Hello, I’m trying to secure the Developer Portal using OIDC with Cognito.
I have followed the instructions from the official documentation: https://docs.konghq.com/gateway/2.7.x/configure/auth/oidc-cognito/
I have User Pool and User Pool Client set up in Cognito
Here’s my OIDC plugin configuration
{
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "logout_methods": [
    "GET"
  ],
  "consumer_by": [
    "username",
    "custom_id",
    "id"
  ],
  "logout_query_arg": "logout",
  "login_action": "redirect",
  "consumer_claim": [
    "email"
  ],
  "login_redirect_mode": "query",
  "logout_redirect_uri": [
    "https://<COGNITO_DOMAIN>/logout?client_id=<CLIENT_ID>&logout_uri=<KONG_URI>:8446/default"
  ],
  "leeway": 100,
  "client_id": [
    "<CLIENT_ID>"
  ],
  "login_redirect_uri": [
    "https://<KONG_URI>:8446/default"
  ],
  "ssl_verify": false,
  "forbidden_redirect_uri": [
    "https://<KONG_URI>:8446/default/unauthorized"
  ],
  "login_tokens": {},
  "issuer": "https://<COGNITO_IDP_DOMAIN>/.well-known/openid-configuration",
  "redirect_uri": [
    "https://<KONG_URI>:8447/default/auth"
  ]
}
Now, with that configuration Kong redirects me to Cognito and when I pass valid credentials, Cognito redirects me back to the redirect_uri with authorization_code:
GET https://<KONG_URI>:8447/default/auth?code=4310d8a4-30e8-4d24-97ba-57198ceff7c2&state=fG-v6C6umwzc1wpl1XRUdhZk

Response: 401
{"message":"Unauthorized"}
This is where I’m stuck. Kong isn’t exchanging the authorization_code for a token.
Do you have any ideas what I am missing?
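To show what should happen at the callback step where this post gets stuck, here is an added example (not Kong's plugin code and not from the post) of the authorization-code exchange in Python: the relying-party side parses the redirect back to redirect_uri and builds the token request, and a simulated token endpoint applies the checks an authorization server makes before issuing tokens. The domain, client id, secret and code values are constructed placeholders; the /oauth2/token path is Cognito's token endpoint, and the rule that redirect_uri in the token request must equal the one used in the authorization request is from RFC 6749 section 4.1.3.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders; real values come from the Cognito console and the Kong config.
COGNITO_DOMAIN = "example.auth.eu-west-1.amazoncognito.com"
TOKEN_ENDPOINT = f"https://{COGNITO_DOMAIN}/oauth2/token"  # Cognito token endpoint path
CLIENT_ID = "client-id-placeholder"
CLIENT_SECRET = "client-secret-placeholder"
REDIRECT_URI = "https://kong.example.test:8447/default/auth"  # the plugin's redirect_uri

# Simulated authorization-server state: codes it issued, the redirect_uri each code
# was bound to when issued, and whether it has already been redeemed (single use).
ISSUED_CODES = {
    "code-abc123": {"redirect_uri": REDIRECT_URI, "used": False},
    "code-def456": {"redirect_uri": REDIRECT_URI, "used": False},
}


def parse_callback(url, expected_state):
    """Relying-party side: read code/state from the redirect back to redirect_uri."""
    params = parse_qs(urlsplit(url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: CSRF attempt or the login session was lost")
    return params["code"][0]


def build_token_request(code):
    """Relying-party side: the POST the gateway must send to redeem the code."""
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID}
    return TOKEN_ENDPOINT, headers, urlencode(body)


def simulated_token_endpoint(headers, body):
    """Authorization-server side: the checks made before tokens are issued."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    expected = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    if headers.get("Authorization") != f"Basic {expected}":
        return {"error": "invalid_client"}           # wrong or missing client secret
    if form.get("grant_type") != "authorization_code":
        return {"error": "unsupported_grant_type"}
    entry = ISSUED_CODES.get(form.get("code"))
    if entry is None or entry["used"] or entry["redirect_uri"] != form.get("redirect_uri"):
        return {"error": "invalid_grant"}            # unknown, replayed, or redirect_uri mismatch
    entry["used"] = True
    return {"id_token": "<jwt>", "access_token": "<jwt>", "token_type": "Bearer", "expires_in": 3600}


def exchange(callback_url, expected_state):
    """Whole relying-party step for one callback: parse, build the request, redeem."""
    code = parse_callback(callback_url, expected_state)
    _, headers, body = build_token_request(code)
    return simulated_token_endpoint(headers, body)
```

A 401 at the callback with no request ever reaching the token endpoint means the relying party stopped before or during `build_token_request`, so comparing the gateway's outbound request against this shape (client credentials, grant_type, the exact redirect_uri) is the first thing to check.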