Passport + Google OAuth2 + AWS Cognito

Hi there

I’m getting this NotAuthorizedException: Invalid login token. Not a valid OpenId Connect identity token. when trying to use the accessToken you return to create an Identity on Cognito, any ideas?

I found this on the AWS forum:

UPDATE: Finally figured out the issue. The token I was using was incorrect. It should be id_token that is returned from Google and not the access_token or refresh_token. 

any ideas of what that could be or how it could be fixed?

thanks!

Issue Analytics

  • State: open
  • Created 7 years ago
  • Comments: 6

Top GitHub Comments

6 reactions
bwlt commented, Jun 23, 2017

Found a solution! The correct token to use is not the standard accessToken inside the verify function (second argument) of the strategy:

passport.use(new GoogleStrategy({
    clientID:     GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL:  CALLBACK_URL,
  },
  (accessToken, refreshToken, params, profile, done) => {
    process.nextTick(() => done(null, {
      accessToken,
      refreshToken,
      idToken: params.id_token,
      profile
    }))
  }
))

You can find the correct token, id_token, in the params argument.

Hope it helps
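
A pre-flight check for the mistake discussed in this thread, added here as an example and not code from the issue or the library: it rejects an opaque access token before it reaches the Cognito Logins map. The function names, client ID and sample tokens are constructed for illustration; 'accounts.google.com' is the Logins key Cognito identity pools use for Google.

```javascript
// Added example (not from the issue thread). Structural pre-flight only:
// the signature is NOT verified here; Cognito validates it server-side.
const GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];

function b64urlDecodeJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function b64urlEncodeJson(obj) { // used only to build the constructed sample
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Returns { ok, reason }. An opaque access or refresh token fails the first check.
function checkGoogleIdToken(token, clientId, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a JWT' };
  let claims;
  try {
    b64urlDecodeJson(parts[0]);
    claims = b64urlDecodeJson(parts[1]);
  } catch (e) {
    return { ok: false, reason: 'segments are not base64url JSON' };
  }
  if (!claims || !GOOGLE_ISSUERS.includes(claims.iss)) return { ok: false, reason: 'unexpected iss' };
  if (claims.aud !== clientId) return { ok: false, reason: 'aud mismatch' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, reason: 'ok' };
}

// Builds the Logins map for a Cognito identity pool from the user object
// produced by the verify callback above (idToken: params.id_token).
function cognitoLogins(user, clientId, nowSeconds) {
  const result = checkGoogleIdToken(user.idToken, clientId, nowSeconds);
  if (!result.ok) throw new Error('refusing to call Cognito: ' + result.reason);
  return { 'accounts.google.com': user.idToken };
}
// Constructed sample values, not real credentials.
const CLIENT_ID = 'example-client-id.apps.googleusercontent.com';
const NOW = 1700000000;
const sampleIdToken = [b64urlEncodeJson({ alg: 'RS256', typ: 'JWT' }),
  b64urlEncodeJson({ iss: 'https://accounts.google.com', aud: CLIENT_ID, exp: NOW + 3600 }),
  'constructed-signature'].join('.');
const sampleAccessToken = 'ya29.constructed-opaque-access-token';
console.log(checkGoogleIdToken(sampleAccessToken, CLIENT_ID, NOW));
console.log(checkGoogleIdToken(sampleIdToken, CLIENT_ID, NOW));
```
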

0 reactions
Jukakombo commented, May 19, 2020

passport.use(new GoogleStrategy({
    clientID: process.env.CLIENT_ID,
    clientSecret: process.env.CLIENT_SECRET,
    callbackURL: "",
    userProfile: "https://www.googleapis.com/oauth2/userinfo"
  },
  function(accessToken, refreshToken, profile, cb) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return cb(err, user);
    });
  }
));
