What to put in the callback URL of Cognito user pool app client for account linking with FB Messenger?

Question

I am trying to set up account linking between a FB Messenger bot and AWS Cognito user pool using OAuth.

I have used Messenger account linking button template and pointed it to my Cognito domain login endpoint. Then set the callback URL in Cognito app client as https://facebook.com/messenger_platform/account_linking/ since that is what Messenger sends.

I keep getting a "redirect_mismatch" error from Cognito. I have observed that the redirect URI appended by Messenger while login has a query string parameter called "account_linking_token". Does that have something to do with it? Since the account_linking_token is dynamic and changes with every request.

What am I doing wrong here?

Answer 1

You are getting this error because the Redirect URI in Cognito isn't 1:1 with the URI that you are obtaining with the dynamic query string parameter. Currently, Cognito does not support Regex or pattern-based strings in the Callback/Redirect URI.

If you do not have a Callback URI that is rock-solid and isn't prone to change, you would not be able to achieve your functionality with Amazon Cognito.

Hence, you would get the "redirect_mismatch" error that you are seeing, and there is no Cognito quirk that can avert this.