diff --git a/packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts b/packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts index 7371c31b91a..f1a7b596f7d 100644 --- a/packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts +++ b/packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts @@ -192,6 +192,17 @@ describe('signInWithRedirect', () => { ); }); + it('uses idpIdentifier when specified', async () => { + const expectedIdpIdentifier = 'example.com'; + await signInWithRedirect({ + provider: { idpIdentifier: expectedIdpIdentifier }, + }); + const [oauthUrl] = mockOpenAuthSession.mock.calls[0]; + expect(oauthUrl).toStrictEqual( + `https://oauth.domain.com/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&response_type=code&client_id=userPoolClientId&idp_identifier=${expectedIdpIdentifier}&scope=phone+email+openid+profile+aws.cognito.signin.user.admin&state=oauth_state&code_challenge=code_challenge&code_challenge_method=S256`, + ); + }); + it('uses custom state if specified', async () => { const expectedCustomState = 'verify_me'; await signInWithRedirect({ customState: expectedCustomState }); diff --git a/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts b/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts index e327769ab69..1a035b448cc 100644 --- a/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts +++ b/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts 
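Review bot: The expected URL in `uses idpIdentifier when specified` interpolates the raw `expectedIdpIdentifier`, and `'example.com'` contains nothing that needs escaping, so the test would still pass if the identifier were ever placed into the authorize URL unencoded. If the identifier is derived from user-supplied text such as an e-mail domain (an assumption, not shown in this diff), a second case with a reserved character would pin the encoding: with the constructed value `'idp&name'` the URL should contain `idp_identifier=idp%26name`. The whole-string comparison already confirms that `identity_provider` is omitted, which is worth stating in a one-line comment above the `expect`. The enclosing `describe` block starts and ends outside this hunk.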
@@ -51,17 +51,21 @@ export async function signInWithRedirect( } let provider = 'COGNITO'; // Default + let idpIdentifier: string | undefined; if (typeof input?.provider === 'string') { provider = cognitoHostedUIIdentityProviderMap[input.provider]; } else if (input?.provider?.custom) { provider = input.provider.custom; + } else if (input?.provider?.idpIdentifier) { + ({ idpIdentifier } = input.provider); } return oauthSignIn({ oauthConfig: authConfig.loginWith.oauth, clientId: authConfig.userPoolClientId, provider, + idpIdentifier, customState: input?.customState, preferPrivateSession: input?.options?.preferPrivateSession, options: { @@ -77,6 +81,7 @@ export async function signInWithRedirect( const oauthSignIn = async ({ oauthConfig, provider, + idpIdentifier, clientId, customState, preferPrivateSession, @@ -85,6 +90,7 @@ const oauthSignIn = async ({ }: { oauthConfig: OAuthConfig; provider: string; + idpIdentifier?: string; clientId: string; customState?: string; preferPrivateSession?: boolean; @@ -117,10 +123,17 @@ const oauthSignIn = async ({ ['redirect_uri', redirectUri], ['response_type', responseType], ['client_id', clientId], - ['identity_provider', provider], - ['scope', scopes.join(' ')], ]); + // Add either identity_provider or idp_identifier, but not both + if (idpIdentifier) { + params.append('idp_identifier', idpIdentifier); + } else { + params.append('identity_provider', provider); + } + + params.append('scope', scopes.join(' ')); + loginHint && params.append('login_hint', loginHint); lang && params.append('lang', lang); nonce && params.append('nonce', nonce); diff --git a/packages/auth/src/types/inputs.ts b/packages/auth/src/types/inputs.ts index 3f23e784312..89243ddb743 100644 --- a/packages/auth/src/types/inputs.ts +++ b/packages/auth/src/types/inputs.ts 
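Review bot: The new branch `else if (input?.provider?.idpIdentifier)` and the later `if (idpIdentifier)` in `oauthSignIn` (hunk at -117) both test truthiness, so an empty identifier is silently replaced by `identity_provider=COGNITO` instead of being rejected. A caller whose identifier lookup came back empty would send the user to the default hosted sign-in rather than the intended IdP, with no error to notice. Consider `else if (input?.provider?.idpIdentifier !== undefined)` followed by an explicit non-empty check that fails with the module's usual validation error. Separately, the `custom`/`idpIdentifier` exclusivity exists only in the type, so a plain-JavaScript caller passing both gets `custom` and the identifier is dropped without notice; a runtime check here would make that visible. `signInWithRedirect` begins before this hunk.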
@@ -69,7 +69,10 @@ export type AuthProvider = 'Amazon' | 'Apple' | 'Facebook' | 'Google'; export type AuthPrompt = 'NONE' | 'LOGIN' | 'CONSENT' | 'SELECT_ACCOUNT'; export interface AuthSignInWithRedirectInput { - provider?: AuthProvider | { custom: string }; + provider?: + | AuthProvider + | { custom: string; idpIdentifier?: never } + | { idpIdentifier: string; custom?: never }; customState?: string; options?: { /**
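Review bot: The new `idpIdentifier` variant of `provider` is undocumented, and nothing on the type tells a caller how it differs from `custom` or that the two cannot be combined. A TSDoc comment on the property would cover it, e.g. `/** Sent as the idp_identifier query parameter in place of identity_provider; cannot be combined with custom. */`. The `never` members enforce that exclusivity only at compile time, so the same comment should say that untyped callers are not protected by it. The interface body continues past the end of this hunk.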