This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 20%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Hello,
We recently started using Amazon Congito for our user auth, but we're having an issue on having it work with an Azure bot service.
Here's the OAuth connection settings on the bot side:
Authorization URL: https://....amazoncognito.com/oauth2/authorize
Token URL: https://....amazoncognito.com/oauth2/token
Refresh URL: https://....amazoncognito.com/oauth2/refresh-token
Upon a successful auth, the returned token from Cognito is as follows:
Access Token: eyJraW….
Token Type: Bearer
id_token: eyJraW….
expires_in: 21600
What happens is: the bot caches the access token whereas we need the identity token to make calls to our api.
@Mohamed Berrada From the list of supported OAuth connection providers AWS cognito is not supported currently. More details are available here. Are you using Oauth2 generic provider for the settings and added cognito auth, token and refresh URLs?
@romungi-MSFT Indeed, the OAuth flow goes through successfully, the only issue here is that the bot caches the access token but we need to have access to the identity token (that is also returned in the payload).
@Mohamed Berrada After checking with our bot framework team it looks like there no direct way for the token service to store tokens other than the “access token” property (all the other properties are ignored if that one is present). Returning multiple tokens would be a significant change in the current SDK.
One workaround could be to develop a custom proxy service layer in between our token service and the identity provider that you are calling. The Bot Service token service would call this proxy, and the proxy would make the actual service-to-service calls to the AWS identity provider. Your proxy would then have access to the id token, and could return a result to the token service where it has put the id token in as the access token field (assuming you don’t need both tokens).