[Bug]: Incompatible client_id for Google OAuth in AWS Cognito Identity Pool #39560
Labels: bug, service/cognitoidp
Terraform Core Version
1.5.5
AWS Provider Version
5.69.0
Affected Resource(s)
There is an error when trying to integrate Google OAuth with aws_cognito_identity_pool using the client_id from Google’s OAuth credentials.
Problem Overview:
When setting up Google OAuth as a login provider for an aws_cognito_identity_pool, the client_id obtained from Google Cloud Console (for example, 123456789012.apps.googleusercontent.com) causes the following error: "client_id must contain only alphanumeric characters and underscores"
However, this is the official OAuth Client ID format from Google, and Cognito expects this value when integrating Google OAuth. This issue arises due to the restriction that aws_cognito_identity_pool imposes on the client_id, where only alphanumeric characters and underscores are allowed. This limitation conflicts with the structure of Google’s OAuth Client IDs, which include periods and hyphens.
Error Output:
Expected Behavior
The aws_cognito_identity_pool should accept Google’s OAuth Client ID format without throwing an error, allowing integration of Google OAuth for user login. This is supported in the AWS Console and CDK.
Actual Behavior
The Identity Pool rejects the Google client_id due to non-alphanumeric characters such as periods (.) and hyphens (-), even though this is the official format used by Google for OAuth Client IDs.
OAuth Client ID Format: Google uses xxx.apps.googleusercontent.com, which is not compliant with the restrictions currently imposed by AWS Cognito Identity Pool.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Steps to Reproduce
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
No