AWS Cognito OAuth

Description

I have a Rocket.Chat instance running and I want to use AWS Cognito as an OAuth provider.
It should work, but there is one problem, as shown in the logs below.

Server Setup Information

  • Version of Rocket.Chat Server: 3.14.1
  • Operating System: Ubuntu 20.04, microk8s-Cluster
  • Deployment Method: docker/kubernetes
  • Number of Running Instances: 1
  • DB Replicaset Oplog: activated
  • NodeJS Version: v12.22.1
  • MongoDB Version: 4.0.24
  • Proxy: traefik
  • Firewalls involved: no

Any additional Information

{"line":"405","file":"oauth_server.js","message":"Error in OAuth Server: Failed to fetch identity from amazon at https://cxde-sso.auth.eu-west-1.amazoncognito.com/oauth2/userInfo. failed [401] {\"error\":\"invalid_token\",\"error_description\":\"Access token does not contain openid scope\"}","time":{"$date":1621586869805},"level":"warn"}
Exception while invoking method login Error: Failed to fetch identity from amazon at https://cxde-sso.auth.eu-west-1.amazoncognito.com/oauth2/userInfo. failed [401] {"error":"invalid_token","error_description":"Access token does not contain openid scope"}
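
The 401 in the log above says the access token does not contain the openid scope. As an added example (not part of the original post, and not Rocket.Chat or AWS code), the Node.js helper below decodes a token's payload for troubleshooting and reports which required scopes it lacks. It assumes the access token is a JWT with a space-separated `scope` claim; the function names and sample tokens are constructed for illustration.

```javascript
// Added diagnostic example. Decodes a JWT payload WITHOUT verifying the
// signature: use it for troubleshooting only, never for authorization.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    throw new Error('not a JWT: expected three dot-separated segments');
  }
  // base64url -> base64, then decode the middle (payload) segment
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Assumption: scopes are carried as one space-separated string in `scope`.
function grantedScopes(token) {
  const scope = decodeJwtPayload(token).scope;
  return typeof scope === 'string' ? scope.split(/\s+/).filter(Boolean) : [];
}

// Returns the scopes from `required` that the token was not issued with.
// The userInfo error in the log corresponds to 'openid' being in this list.
function missingScopes(token, required = ['openid']) {
  const granted = new Set(grantedScopes(token));
  return required.filter((s) => !granted.has(s));
}

// Builds an unsigned, constructed sample token so the example runs offline.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.constructed`;
}

// Constructed samples: one token without openid, one with it.
const tokenWithoutOpenid = makeSampleToken({ token_use: 'access', scope: 'email profile' });
const tokenWithOpenid = makeSampleToken({ token_use: 'access', scope: 'openid email profile' });

for (const [label, tok] of [['without openid', tokenWithoutOpenid],
                            ['with openid', tokenWithOpenid]]) {
  const missing = missingScopes(tok);
  console.log(`${label}: granted=[${grantedScopes(tok).join(', ')}] ` +
    (missing.length ? `missing=[${missing.join(', ')}]` : 'ok for userInfo'));
}
```

If `openid` shows up as missing, the scope list requested by the OAuth client at authorization time is the place to look, since the token only carries scopes that were requested and allowed for that app client.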

Hi.

I can see you are chatting on this link in open.rocket:

Probably best to continue there.