Issuer metadata error when creating a new connection via the Management API

Hi,

I’m trying to create a new OpenID Connect connection with Cognito. I’m getting the following error about missing metadata attributes that are in the request:

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Issuer metadata missing the following attributes: issuer, authorization_endpoint, jwks_uri",
  "errorCode": "invalid_body"
}

Here’s the request with some data obfuscated:

{
  "name": "cognito-connection-apiCreated",
  "display_name": "Cognito OIDC API Created",
  "strategy": "oidc",
  "options": {
    "set_user_root_attributes": "on_each_login",
    "client_id": "",
    "scope": "profile email openid",
    "upstream_params": {
      "client_secret": {
        "value": ""
      }
    }
  },
  "metadata": {
    "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_genscj3V4",
    "authorization_endpoint": "https://otts-vitro-customer-domain.auth.us-east-1.amazoncognito.com/oauth2/authorize",
    "jwks_uri": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_genscj3V4/.well-known/jwks.json"
  }
}

Any idea what’s wrong? Also, is this any easier to work with through the Node.js or Go SDK?

Thanks!
Brian

Hi @brian.otts,

Welcome to the Auth0 Community!

Can you try to pass them as part of the options object? That is how they are being returned if I get an OIDC connection.

Hi @dan.woda,

Thanks for the reply. I tried that and got this error:
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Unrecognized options: metadata",
  "errorCode": "invalid_body"
}

It may end up being easier to use Terraform here instead.

Ahh, I see. I actually added a metadata element with issuer, authorization_endpoint, and jwks_uri, but they just needed to be directly in options, e.g. options.issuer, options.jwks_uri, etc. When it said “Issuer metadata missing,” I thought it meant that it needed a metadata object in options, e.g. options.metadata.issuer, etc. Thanks for the help!


Glad you got it sorted!
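
The resolution above, as an added example that is not part of the original thread or Auth0's own code: a pre-flight check that moves issuer, authorization_endpoint and jwks_uri out of the two rejected placements (top-level metadata and options.metadata) into options before the body is sent. The function name, the sample values and the https check are assumptions made for this example.

```javascript
// Added example: pre-flight check for an OIDC connection request body.
// Key names are the ones quoted in the thread; everything else is hypothetical.
const REQUIRED = ["issuer", "authorization_endpoint", "jwks_uri"];

// Returns a corrected copy of the body, the relocations made, and remaining problems.
function normalizeOidcConnection(input) {
  const body = JSON.parse(JSON.stringify(input)); // deep copy; caller's object is untouched
  const options = (body.options = body.options || {});
  const moved = [];
  const problems = [];
  // The two placements the thread shows being rejected with invalid_body.
  for (const [holder, label] of [[body, "metadata"], [options, "options.metadata"]]) {
    const misplaced = holder.metadata;
    if (misplaced === null || typeof misplaced !== "object") continue;
    for (const key of REQUIRED) {
      if (key in misplaced && !(key in options)) {
        options[key] = misplaced[key];
        delete misplaced[key];
        moved.push(`${label}.${key} -> options.${key}`);
      }
    }
    if (Object.keys(misplaced).length === 0) delete holder.metadata;
    else if (holder === options) problems.push("options.metadata is not a recognized option");
  }
  for (const key of REQUIRED) {
    const value = options[key];
    if (typeof value !== "string" || value === "") {
      problems.push(`options.${key} is missing`);
      continue;
    }
    // Assumption of this example (not stated in the thread): require https URLs.
    let url;
    try { url = new URL(value); } catch { problems.push(`options.${key} is not a URL`); continue; }
    if (url.protocol !== "https:") problems.push(`options.${key} is not https`);
  }
  return { body, moved, problems };
}

// Constructed sample request with placeholder values, shaped like the one in the first post.
const SAMPLE_REQUEST = {
  name: "example-oidc-connection",
  strategy: "oidc",
  options: { client_id: "PLACEHOLDER_CLIENT_ID", scope: "profile email openid" },
  metadata: {
    issuer: "https://idp.example.com/pool",
    authorization_endpoint: "https://login.example.com/oauth2/authorize",
    jwks_uri: "https://idp.example.com/pool/.well-known/jwks.json",
  },
};
console.log(JSON.stringify(normalizeOidcConnection(SAMPLE_REQUEST), null, 2));
```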
