
OlegT.09904 (Customer) asked a question.
Hi,
I have set up SSO OpenID between Cognito and OKTA.
Our Webapp -> (OpenID) -> Cognito -> (OpenID) -> OKTA (idp with users)
When we initiate the flow from the Webapp, it goes correctly to Okta through Cognito, we log in to OKTA, and are then returned to Cognito, but in Cognito we get the error "Bad id_token issuer". This error is returned to the webapp callback page instead of an authorization code.
Same setup works fine in our AWS dev environment in another account and another dev OKTA account.
Probably Cognito fails to open the id_token that it gets from OKTA. Can you help to figure out what is wrong?

I figured out my mistake. In AWS Cognito, I had set the admin URL as the Issuer by mistake. So I fixed it to mydomain.okta.com instead of mydomain-admin.okta.com.
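
An added example, not part of the original posts: a small diagnostic for the "Bad id_token issuer" error that reads the `iss` claim from an id_token and compares it with the issuer configured at the relying party, which OpenID Connect requires to match exactly. The function names, the `https://` scheme, and the sample token are assumptions constructed for illustration; the payload is decoded without signature verification, so this is for troubleshooting only.

```python
import base64
import json
from urllib.parse import urlsplit


def token_issuer(id_token: str) -> str:
    """Return the `iss` claim of a compact JWT (diagnostic only, no signature check)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]


def diagnose_issuer(configured: str, id_token: str) -> str:
    """Compare the configured issuer with the token's `iss` and name the mismatch."""
    iss = token_issuer(id_token)
    if configured == iss:  # OIDC requires an exact string match
        return "ok"
    cfg, tok = urlsplit(configured), urlsplit(iss)
    if cfg.hostname and tok.hostname:
        cfg_label, _, cfg_rest = cfg.hostname.partition(".")
        tok_label, _, tok_rest = tok.hostname.partition(".")
        # The mistake from this thread: admin console host used as the issuer.
        if cfg_rest == tok_rest and cfg_label == tok_label + "-admin":
            return f"admin-host: configured issuer is the admin URL; token says {iss}"
    if configured.rstrip("/") == iss.rstrip("/"):
        return f"trailing-slash: token says {iss}"
    return f"mismatch: configured {configured}, token says {iss}"


def make_sample_token(iss: str) -> str:
    """Build a constructed sample token (placeholder signature) for offline use."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    payload = enc({"iss": iss, "sub": "constructed-user"})
    return f"{header}.{payload}.constructed-signature"


# Constructed sample: the token the IdP would issue, using the domain from the thread.
SAMPLE = make_sample_token("https://mydomain.okta.com")

if __name__ == "__main__":
    for configured in ("https://mydomain-admin.okta.com", "https://mydomain.okta.com"):
        print(configured, "->", diagnose_issuer(configured, SAMPLE))
```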