
Amazon Web Services (AWS) Cognito error "Token is not from a supported provider of this identity pool."

I am running this app from GitHub which allows a user to sign up and sign in to a Cognito Client App. I am using Eclipse IDE for Enterprise Java Developers Version: 2019-03 (4.11.0), Build id: 20190314-1200. I have ensured that I put all the necessary credentials accurately. I am able to sign up using both the form and the console.

When I try to sign in, I get an error in the console that says, "Token is not from a supported provider of this identity pool." using both form and console.

I have tried the answers on other posts on Stack Overflow similar to this question. The cause of my error is different than the causes in those other posts.

The Console View and the code below are both when I use the form version of the app.

Here is a screenshot of the form:

enter image description here

Here is what the console shows, without the details of the error:

{"sub":"52c99df9-f7ef-42b2-9127-9675ba4e2414","email_verified":false,"iss":"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_d0Y5gS66r","phone_number_verified":true,"cognito:username":"*****","aud":"4feegfdtp0dbt9atu56vruuv37","event_id":"c77eff2c-01ad-42c3-8dac-a4849dc297c6","token_use":"id","auth_time":1560793958,"phone_number":"+***********","exp":1560797558,"iat":1560793958,"email":"********"}

User is authenticated:eyJraWQiOiJ4K1piekppSWN4RjZtbDVENjVSQXAySlBOQ0ROK2FmU3Fpc1BnSDE0c3ZvPSIsImFsZyI6IlJTMjU2In0.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.BqyjJJgOZcQP7yUDd3wDrrK4pNRs8BE8RvBzl2vIz248f3rgQ4fn1cd54azjtlplGkthbB0zA9xcd7gPJzqffd-3wS9RFevxkT4LfSiGF1UXGpIqHH_GhbMHA4dG6nKqBOmInvcn9gR1oblBszdbvUxE1poyP3MLvIi64vRvYm1P2kdikWlXl7qKH_RFivEmRMbpd4xpXH6Gjv3hxE6w2vn4O3oZkwz5eY-djUfbwy_uhItycPB3yZLGS8LU55vkrvyJrzHQLDu1U5AvkHGLZv1H7GveHm36RRwSGH5ZkCrtfkolRBN7wkqq9pGhh3jccqHN6Ml5L3XmH3irFNikfw

provider = cognito-idp.us-east-1.amazonaws.com/us-east-1_d0Y5gS66r

Exception in thread "JavaFX Application Thread" com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Token is not from a supported provider of this identity pool. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: b295ece8-9128-11e9-bb89-5d1e066e532b)

Here is the code for the sign in button that I press to sign in:

signin_button = new Button("Sign-In");
Label auth_message = new Label("");
signin_button.setOnAction((ActionEvent e) -> {
    String result = helper.ValidateUser(Username.getText(), Password.getText());
    if (result != null) {
        System.out.println("User is authenticated:" + result);
        auth_message.setText("User is authenticated");
        JSONObject payload = CognitoJWTParser.getPayload(result);
        String provider = payload.get("iss").toString().replace("https://", "");

        // Daniel Brower
        System.out.println("provider = " + provider);

        Credentials credentails = helper.GetCredentials(provider, result);


        ShowUserBuckets(credentails);
    } else {
        System.out.println("Username/password is invalid");
        auth_message.setText("Username/password is invalid");
    }

});

The line of code with my name in the comment above it is code I put in myself.

I'm having trouble figuring out what provider the token is from.

Here is a screenshot of my identity providers page in Cognito Console. I haven't selected any. Nothing says that there is an identity provider.

enter image description here

The error message says "Service: AmazonCognitoIdentity" in it. I think the provider would be Cognito Identity Provider. I even found classes with that name in it.

Daniel Brower asked Jun 17 '19 18:06


2 Answers

I had the wrong value for some reason in Cognito Console -> Federated Identities -> Edit identity pool -> Cognito -> App client id.

I don't know how I got it wrong. I changed it to match the correct one of the Identity Pool.

Daniel Brower answered Oct 21 '22 23:10


This issue happens if your Federated Identity configuration is missing on your pool.

Open Federated Identities => Authentication providers

In the Cognito section, change the values as below:

User Pool ID
ex: test:us-east-1_Ab129f000
App client id
ex: test:7lhlkkfbfb4q5kpp90urf000

That should fix your issue.

Hadnazzar answered Oct 22 '22 00:10
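
A way to check the two values both answers point at (User Pool ID and App client id) before calling the identity pool, as an added example in Python that is not code from the original post or from the sample app: it decodes the ID token's `iss` and `aud` claims and compares them with the `CognitoIdentityProviders` list that `aws cognito-identity describe-identity-pool` prints. The pool IDs, client IDs and function names below are constructed for illustration.

```python
import base64
import json


def jwt_claims(token):
    """Decode the payload segment of a JWT. No signature check: diagnosis only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, pool_providers):
    """Compare the token's iss/aud with the identity pool's Cognito providers.

    pool_providers is the CognitoIdentityProviders list as printed by
    `aws cognito-identity describe-identity-pool`.
    """
    claims = jwt_claims(token)
    provider = claims["iss"].replace("https://", "", 1)  # same transform as the question's code
    same_pool = [p for p in pool_providers if p["ProviderName"] == provider]
    if not same_pool:
        return "user pool mismatch: %s is not configured on the identity pool" % provider
    expected = [p["ClientId"] for p in same_pool]
    if claims["aud"] not in expected:
        return "app client id mismatch: token aud %s, pool expects %s" % (
            claims["aud"], ", ".join(expected))
    return "ok"


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Cognito token)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256"}), b64(claims), "constructed-signature"])


# Constructed sample values, not taken from any real user pool or identity pool.
PROVIDER = "cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE01"
SAMPLE_TOKEN = make_sample_token(
    {"iss": "https://" + PROVIDER, "aud": "exampleclientid0001", "token_use": "id"})
POOL_WRONG_CLIENT = [{"ProviderName": PROVIDER, "ClientId": "exampleclientid9999"}]
POOL_FIXED = [{"ProviderName": PROVIDER, "ClientId": "exampleclientid0001"}]

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN, POOL_WRONG_CLIENT))  # the misconfiguration from the first answer
    print(diagnose(SAMPLE_TOKEN, POOL_FIXED))
```

The decode step skips signature verification on purpose, so use it only to compare configuration values, never to decide whether a token is trustworthy.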