Amazon Cognito: How to stop getting "redirect_mismatch" error when redirecting from browser to Android app

I am trying to create an Android project where I authorize a user by having him log into Amazon Cognito in a browser, which should then redirect back to my app. Unfortunately, when the browser opens, instead of reaching the proper sign-in page, I keep getting this error:


In my AuthenticatorActivity.java:

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_authenticator);

    Uri authzUrl = Uri.parse("https://<myDomain>.auth.us-west-2.amazoncognito.com/login?response_type=token&client_id=<myClientId>&redirect_uri=myapp://mainAct");
    Intent launchBrowser = new Intent(Intent.ACTION_VIEW, authzUrl);
    startActivity(launchBrowser);
}

In AndroidManifest:

<activity android:name=".MainActivity">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:host="mainAct" android:scheme="myapp"></data>
    </intent-filter>
</activity>

I can't figure out what I am doing wrong here. Am I missing a step?

JHowzer asked Jun 19 '18 20:06


3 Answers

Ok, I'm leaving a tidbit here for whoever might find it next. I hit this exact same issue, but as a newbie to Cognito and IdP/SSO I had no idea how to fix this. Here is what I did to eventually fix this. We were integrating with an external service, and we were getting this error. Under Chrome Developer Tools -> Network, I started to record the URLs visited, then I tried the SSO integration again. There was a URL that showed up in the list which visited Cognito with a redirect to URL. That URL must be the same URL as listed under the Callback URL for Cognito.

Hopefully, this saves someone some time in the future.

rlasch answered Oct 17 '22 16:10


Do check your callback URL and sign out URL. The correct format is:

app_client_name:https://www.myapp.com/

Alok Verma answered Oct 17 '22 16:10


Another silly mistake I made, which took me hours to figure out, was that the value of redirectSignIn in aws-exports.js was completely wrong. When you modify the value of this configuration multiple times through the Amplify CLI, it appends a comma, treating the value as a list, giving you something like this:

 "redirectSignIn": "http://localhost:3000/,http://localhost:3000/,http://localhost:3000/,http://localhost:3000/",

Unfortunately, the value is treated as a string when it is used by HostedUI.

Oscar Nevarez answered Oct 17 '22 16:10
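
Added example (not from the question or any of the answers): a small JavaScript check for the two causes described above, a redirect_uri that is not the same as a registered Callback URL, and a comma-joined redirectSignIn value sent as a single string. The domain, client id, callback list and function names are constructed for illustration, and exact string matching against the callback list is an assumption.

```javascript
// Added example: diagnose a Hosted UI redirect_mismatch offline.
// Assumption: a redirect_uri is accepted only when it is an exact string
// match for one of the app client's registered callback URLs.

// Pull redirect_uri out of a login URL (e.g. one recorded in DevTools -> Network).
function extractRedirectUri(authorizeUrl) {
  return new URL(authorizeUrl).searchParams.get("redirect_uri");
}

// aws-exports.js stores redirectSignIn as one string; split and de-duplicate it
// to see the individual URLs that a repeatedly edited value really contains.
function redirectSignInEntries(value) {
  return [...new Set(value.split(",").map((s) => s.trim()).filter(Boolean))];
}

// Compare the requested redirect_uri with the registered callback URLs and
// name the most likely reason for a mismatch.
function diagnoseRedirect(authorizeUrl, registeredCallbacks) {
  const requested = extractRedirectUri(authorizeUrl);
  if (requested === null) return { ok: false, reason: "missing redirect_uri" };
  if (registeredCallbacks.includes(requested)) return { ok: true, reason: "exact match" };
  if (requested.includes(",")) {
    return { ok: false, reason: "comma-joined list sent as one string" };
  }
  const strip = (u) => u.replace(/\/+$/, "").toLowerCase();
  const near = registeredCallbacks.find((cb) => strip(cb) === strip(requested));
  if (near) return { ok: false, reason: `differs only by case or trailing slash from ${near}` };
  return { ok: false, reason: "not registered as a callback URL" };
}

// Constructed sample data (placeholder domain and client id).
const CALLBACKS = ["myapp://mainAct", "http://localhost:3000/"];
const BASE = "https://example.auth.us-west-2.amazoncognito.com/login" +
  "?response_type=token&client_id=EXAMPLECLIENTID&redirect_uri=";
const SAMPLES = [
  BASE + encodeURIComponent("myapp://mainAct"),
  BASE + encodeURIComponent("myapp://mainact"),
  BASE + encodeURIComponent("http://localhost:3000/,http://localhost:3000/"),
  BASE + encodeURIComponent("https://www.myapp.com/"),
];
for (const url of SAMPLES) {
  console.log(extractRedirectUri(url), "->", diagnoseRedirect(url, CALLBACKS).reason);
}
```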