There seems to be an integration issue between Twitch OAuth2 API and the AWS Cognito Hosted Login page. I’ve created my AWS User Pool and successfully have Facebook, Google, and Amazon integrated and working well.
First, create an AWS Cognito User Pool that requires email as an identifier.
Then configure Twitch as an Open ID (OIDC) provider (Under Federation > Identity Providers):
Configure the Cognito Identity Mapping (Under Federation > Attribute Mapping):
(App Integration > App Client Settings > Launch Hosted UI - link at bottom of page)
When trying to login through the cognito hosted page, I am taken to my auth page with this error:
https://auth.XXXXX.com/?error_description=attributes+required%3A+[email]&error=invalid_request
I have tried adjusting the mapping so that “user:read:email” maps to email, but that gives the same result.
I have also tried “email openid” in the identity provider scope setting. When I do this, I am taken to this error page:
status: 400
message: invalid scope requested: ‘email’
I’ve noticed that in the attempted auth URL above, there is no ‘claims’ attribute. When I modify the URL so that I have:
https://id.twitch.tv/oauth2/authorize?client_id=XXXXXXXX&redirect_uri=https%3A%2F%2FXXXXXX.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=user:read:email&claims={“userinfo”:{“email”:null}}&response_type=code&state=XXXXXXXXXXX
I get the same error page from earlier that states that ‘email’ is a required attribute.
I have set up my UserPool to require email. I could try this using a UserPool that doesn’t require email and that might work, but I really need to have email for each user.
Has anyone gotten AWS Cognito to work with Twitch when their User Pool requires email?