Login with Facebook using Cognito is redirecting to URL with an error

Question

I've created a User Poll and connected a Facebook to it. Here is what it looks like in the AWS Console.

I also have set email as a required attribute for signing up.

However, when I visit my hosted login page and click Continue with Facebook, I get redirected back to my page with URL

http://localhost:4200/#error_description=attributes%20required:%20[email]&error=invalid_request

Why is this happening? I've followed all the instructions, and have included email as a scope. I am expecting an access_token in the URL.

Please help. Thanks!

Answer 1

The error message says that the email address is required which indicates that email is a required attribute on your user pool. You have done the correct thing by including the "email" scope but you also have to include the attribute mapping for the provider (Facebook in your case) in the Amazon Cognito console by mapping facebook email to Cognito email attribute. Please give this a shot and let us know if it worked or not.

Answer 2

What caused this issue for me, was that I was requesting an attribute from Facebook, which did not exists. In my case:

picture.size(large) # This does not exists and will cause errors

Facebook then responds with an error to Cognito, and Cognito just tells you that the required attribute email was not in the request. So if you get this error message, the issue is most likely not with the email, but something else which is setup wrong and you therefore get an invalid request

Answer 3

I got a similar issue but I have more attributes listed in my error response:

#error_description=attributes+required%3A+[name%2C+family_name%2C+email%2C+address]&error=invalid_request

You can see the required attributes in the error message in the URL match the required attributes I have in my AWS Cognito User Pool.

Since one can't modify the attributes of an already created User Pool, I had to create a new one with those fields empty as seen below.

After I saved the changes in this new user pool, I updated the domain used by this new user pool in the Facebook dev portal, and I no longer get that error.

Answer 4

Actually, there are two ways to get rid of this error :

#error_description=attributes%20required:%20[email]&error=invalid_request

1st : You have to make your Email as facebook's Primary Contact by going to settings and privacy > General > contact under facebook. This is the most viable step as you are getting this error when you have already set up your cognito user pool which can't be overwritten.

2nd : During setting up Auth and creating the user pool, remove Email as a required attribute.

Always remember that these configurations of user pool can not be overwritten and if you need email as required attribute or change any other setting, you will need to drop the existing user pool and recreate that. So before creating the user pool you must be sure about the configurations you need.

Answer 5

I have gone through similar problem but with a google authentication hope this answer can help someone, solution is we need to provide all necessary Authorize scope under identity providers, name attribute is available under profile scope so that cognito will map those fields (eg: email, name,,) from the social account to its user pool attributes (name, email, etc,.) which you defined at the beginning of creating user pool.

Answer 6

I had an similar error.

error_description=attributes%20required%3A%20%5Bemail%5D&error=invalid_request#=

I solved this by giving "Advanced access" to email permission in my Facebook developer account.

You can find this going to "Facebook Developer App Dashboard -> App Name -> App Review - My Permissions and Features"

Answer 7

I've been able to get this error to occur by creating an account for my app. Then going into facebook, going to the settings for the app and telling it to not allow email to be sent. The wonky thing is that cognito doesn't seem to know to ask for the email again. I was able to readd the setting by visiting (https://developers.facebook.com/tools/explorer/?method=GET&path=me%3Ffields%3Did%2Cname%2Cemail&version=v6.0) and requesting the token again. It caused a popup saying that my app was requesting my email. Once I accepted, the setting was back in facebook settings and the app worked correctly. I don't know if Cognito is too stupid to re-request the scope again when asking for the information.

Answer 8

I was getting the same error, I solved this error by checking the implicit option. Here you have...