From 233ebcf4c73db25fc103934a0f3cea8cea352a41 Mon Sep 17 00:00:00 2001
From: Lucas Leonardo Soto
Date: Sat, 27 Sep 2025 21:47:18 -0300
Subject: [PATCH] fix(auth): handle custom Cognito domains without appending regional suffix

Ensure fullDomainPath uses the custom domain as-is when provided, falling back to the Cognito-managed domain construction only if no custom domain exists. This resolves malformed OAuth redirect URLs when using imported Cognito resources with SSO.
---
 .../backend-auth/src/lambda/reference_auth_initializer.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/backend-auth/src/lambda/reference_auth_initializer.ts b/packages/backend-auth/src/lambda/reference_auth_initializer.ts
index 29e9aa18c3a..f25e0c4ec0a 100644
--- a/packages/backend-auth/src/lambda/reference_auth_initializer.ts
+++ b/packages/backend-auth/src/lambda/reference_auth_initializer.ts
@@ -459,7 +459,9 @@ export class ReferenceAuthInitializer {

 // domain
 const oauthDomain = userPool.CustomDomain ?? userPool.Domain ?? '';
- const fullDomainPath = `${oauthDomain}.auth.${region}.amazoncognito.com`;
+ const fullDomainPath = userPool.CustomDomain
+ ? userPool.CustomDomain
+ : `${oauthDomain}.auth.${region}.amazoncognito.com`;
 const data = {
 signupAttributes: JSON.stringify(
 userPool.SchemaAttributes?.filter(
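Review bot: The fallback branch of the new ternary can still produce a host with no prefix: if `userPool.CustomDomain` is an empty string, the `??` on the line above keeps it as `oauthDomain` while the truthiness test rejects it, and if neither domain is set `oauthDomain` is `''`, so `fullDomainPath` becomes `.auth.${region}.amazoncognito.com`. This value appears to feed the OAuth settings in `data`, so I would build the managed host only from `userPool.Domain` and emit nothing otherwise, for example ``const fullDomainPath = userPool.CustomDomain || (userPool.Domain ? `${userPool.Domain}.auth.${region}.amazoncognito.com` : '');``. Whether `oauthDomain` is still needed further down cannot be seen here, because the method body starts and ends outside the hunk. The diffstat lists only this file, so a unit test pinning the custom-domain, managed-domain and no-domain cases would be worth adding with the fix.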