AWS Cognito issue while login with custom OpenID Connect


I have created a "Salesforce" login using OpenID Connect in AWS Cognito. Now, after setting everything up, when I log a user in using the Cognito Hosted UI and the user logs in successfully, it redirects back to my redirect_url with a code that I exchange at this endpoint

$http = new \GuzzleHttp\Client();   // Guzzle HTTP client used for the exchange

$url  = 'https://{MY_COGNITO_DOMAIN}/oauth2/token';
$data = [
    'form_params' => [
        'grant_type'    => 'authorization_code',
        'client_id'     => 'COGNITO_CLIENT_ID',
        'client_secret' => 'COGNITO_CLIENT_SECRET',
        'code'          => $code,          // code Cognito appended to redirect_url
        'redirect_uri'  => $redirectUri,   // must match the redirect_uri sent to /oauth2/authorize
    ],
];
$response = $http->post($url, $data);
$tokens   = json_decode((string) $response->getBody(), true); // id_token, access_token, ...

Now this post request returns the id_token and access_token. This is a valid token, and my user also gets registered automatically in the User Pool. Now my issue is that when I log a user in without the Cognito Hosted UI, it comes back to my redirect_url after a successful login, but when I run the exchange API with the previous post data it does not work. I have to change the client_id and client_secret from Cognito to Salesforce; the endpoint also needs to be changed

$http = new \GuzzleHttp\Client();   // Guzzle HTTP client used for the exchange

$url  = 'https://login.salesforce.com/services/oauth2/token';
$data = [
    'form_params' => [
        'grant_type'    => 'authorization_code',
        'client_id'     => 'SALESFORCE_CLIENT_ID',
        'client_secret' => 'SALESFORCE_CLIENT_SECRET',
        'code'          => $code,          // code Salesforce appended to redirect_url
        'redirect_uri'  => $redirectUri,   // must match the redirect_uri sent to Salesforce's authorize endpoint
    ],
];
$response = $http->post($url, $data);
$tokens   = json_decode((string) $response->getBody(), true); // id_token, access_token, ...

Then it returns the id_token and access_token, but this access_token is not valid: it does not contain the user pool registered data, and this way my user does not get registered automatically. Kindly suggest what I should do. I have already spent a lot of time on this.

So by using the Hosted UI it works fine, but when I log in programmatically it works but the token is not a valid user pool token.
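The two exchanges above talk to different authorization servers, so they return tokens from different issuers: the Cognito endpoint returns tokens whose `iss` is the user pool, while login.salesforce.com returns tokens minted by Salesforce that never passed through the pool. A practical check before trusting a token is to look at who issued it. The PHP below is an added example, not the asker's code and not an answer from the original page; the region, user pool ID and app client ID are placeholders, the function names are hypothetical, and the demo tokens at the bottom are constructed and unsigned.

```php
<?php
// Added example (not the asker's code). Reads the unverified "iss" claim of an
// id_token to tell a Cognito user pool token from one issued directly by
// login.salesforce.com. Region, pool ID and client ID are placeholders.
declare(strict_types=1);

function base64UrlDecode(string $segment): string
{
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    if ($raw === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $raw;
}

function base64UrlEncode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Decodes the payload only. Nothing here verifies the signature; that must be
// done against the issuer's JWKS before any claim is used for authorization.
function unverifiedClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected a compact JWS with 3 segments');
    }
    $claims = json_decode(base64UrlDecode($parts[1]), true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('JWT payload is not a JSON object');
    }
    return $claims;
}

// Issuer URL that Cognito places in tokens it mints for a user pool.
function cognitoIssuer(string $region, string $userPoolId): string
{
    return "https://cognito-idp.{$region}.amazonaws.com/{$userPoolId}";
}

// Classifies a token by issuer and, for Cognito, checks that it is an id_token
// addressed to this app client. Returns a short label to log or branch on.
function classifyIdToken(string $jwt, string $region, string $userPoolId, string $appClientId): string
{
    $claims = unverifiedClaims($jwt);
    $iss = $claims['iss'] ?? '';

    if ($iss === cognitoIssuer($region, $userPoolId)) {
        $isIdToken     = ($claims['token_use'] ?? '') === 'id';
        $forThisClient = ($claims['aud'] ?? '') === $appClientId;
        return ($isIdToken && $forThisClient)
            ? 'cognito-user-pool-id-token'
            : 'cognito-token-wrong-use-or-audience';
    }
    if ($iss === 'https://login.salesforce.com') {
        return 'salesforce-direct'; // minted by Salesforce, never passed through the pool
    }
    return 'unknown-issuer';
}

// Constructed, unsigned demo tokens (dummy signature segment) so the classifier
// can be exercised offline. Real tokens come from the token endpoints above.
function demoToken(array $claims): string
{
    $header  = base64UrlEncode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
    $payload = base64UrlEncode(json_encode($claims));
    return $header . '.' . $payload . '.dummysig';
}

$region = 'us-east-1';              // placeholder
$pool   = 'us-east-1_EXAMPLEPOOL';  // placeholder
$client = 'example-app-client-id';  // placeholder

$fromCognito = demoToken([
    'iss' => cognitoIssuer($region, $pool), 'aud' => $client, 'token_use' => 'id', 'sub' => 'user-1',
]);
$fromSalesforce = demoToken([
    'iss' => 'https://login.salesforce.com', 'aud' => 'salesforce-client', 'sub' => 'user-1',
]);

echo classifyIdToken($fromCognito, $region, $pool, $client), PHP_EOL;
echo classifyIdToken($fromSalesforce, $region, $pool, $client), PHP_EOL;
```

Only a token whose `iss` is the pool's own URL carries user pool attributes, and only that issuer's signing keys (published at `https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json`) can be used to verify it; a token that classifies as `salesforce-direct` should be handled as a Salesforce session, not as a user pool session, and the issuer check above is a routing aid that does not replace signature, expiry and audience verification.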
