#✅ - Invalid State

Hi, I am building a Flutter app and having problem with the social logins. When I try logining in with google the web ui opens and I enter the email and password. Then the user is created in the user management in Amplify but instead of returning to the application I face the following error:

I am almost certain that I followed every step correctly in the tutorial. I have been trying to solve this issue for a week now. I would appreciate any help or advice. Thanks

Hi @runic ocean, sorry this message was missed. Can you share the code you're running to sign in the user?

Hi @stone ledge,
Future<bool> signInWithGoogle() async {
await LogoutRepository.logoutUser();
try {
final result = await Amplify.Auth.signInWithWebUI(provider: AuthProvider.google);
print('Result: $result');
print('Result(bool): ${result.isSignedIn}');
return result.isSignedIn;
} on AmplifyException catch (e) {
print(e.message);
}
return false;
}

The error happens on this line:
final result = await Amplify.Auth.signInWithWebUI(provider: AuthProvider.google);

This is my configuration file

I am sure that the AWS auth google clientID and secret is correct.

And also, I tested to login on chrome (web ui) with google sign-in and as I entered email and pass. It directed me to this invalid state page BUT the user is created in the "User Management" tab in the Amplify console.

Your sign in/out redirect URIs currently list your amazoncognito.com URL but it should only be myapp:// when developing for iOS/Android.

The amazoncognito.com URL you have listed needs to be added to the Google project in the Cloud Console instead.

It should look like this in Google Cloud

I already had this

In "Authentication" tab I had it like this, I was just the second one but then I tried with "myapp://" also
@stone ledge

And what would be reason for this? Shouldn't aws redirect us to some web page instead of "Invalid state" error?

Versions:
amplify_api: ^0.6.13
amplify_flutter: ^0.6.13
amplify_datastore: ^0.6.13
amplify_auth_cognito: ^0.6.13
amplify_storage_s3: ^0.6.13
amplify_authenticator: ^0.2.5

I tried changing some things to solve the issue and this is a different error I faced. I am not sure if this makes sense
Error message: flutter: User cancelled the signIn flow and could not be completed. after "Cancel"ing and closing the webui.

Ah that could be the issue. v0 of Amplify Flutter had some difficulties when multiple URLs were present in the sign in/sign out.

Can you try upgrading to v1 like this?

dependencies:
  amplify_api: ^1.0.0
  amplify_flutter: ^1.0.0
  amplify_datastore: ^1.0.0-supports-only-mobile.0
  amplify_auth_cognito: ^1.0.0
  amplify_storage_s3: ^1.0.0
  amplify_authenticator: ^1.0.0

I tried that too, just right now again. This is the error message: (the webui is not even opening)

with these versions

Thanks for doing that. It all looks correct. Hmm...

Can you try this?

  await Amplify.Auth.signInWithWebUI(
    provider: AuthProvider.google,
    options: const SignInWithWebUIOptions(
      pluginOptions: CognitoSignInWithWebUIPluginOptions(
        isPreferPrivateSession: true,
      ),
    ),
  );

I tried but didn't work. Same error.

Some additional information that might be necessary:
Flutter 3.7.10 • channel stable • https://github.com/flutter/flutter.git Framework • revision 4b12645012 (3 weeks ago) • 2023-04-03 17:46:48 -0700 Engine • revision ec975089ac Tools • Dart 2.19.6 • DevTools 2.20.1

Is it working in Chrome now when you try signing in?

To check, go to your Cognito console again, to the "App Integration" tab and click on the app client (the one not ending in "web"). Halfway down the page, there's a section called "Hosted UI" and from there click on "View Hosted UI"

In the following: App client: xxxx0bd66d15_app_client
I did exactly what you said and the google login works (email and pass can be entered). Then I am directed to "Invalid state" BUT the user is created in "User Management" tab.

Okay, so something seems not right with the Cognito settings

Did you set up your backend using the Amplify CLI?

yes

Can you send me an image of your Hosted UI pane?

This is for app_client

Thanks. And if you go back to the main user pool console and click on the "Sign-In Experience" tab, under the "Federated identity provider sign-in" pane, can you click on "Google" and send me an image of that screen?

Okay, so that looks correct. It appears the App client might be incorrect, though. In the app client's Hosted UI pane, under "OpenID Connect scopes" it seems there is a scope missing. Can you try editing the settings and add the value aws.cognito.signin.user.admin to the list of OIDC scopes?

Thanks for your patience. I've never seen this error before!

Added it and tested with "View Hosted UI" and the same things happened (created user but directed to Invalid state"

Thank you for helping I hope we can solve it.

Me too. Another thing looks off. Under "OAuth grant types", you have both the Authorization code grant and Implicit grant, but it should be only the Authorization code grant. Can you try updating that?

And can you update the sign-in/sign-out URLs to only have myapp://

Like this?

Yep 👍

Hmm okay something changed: (it says "Forwarding" on top in Turkish)
But empty screen
User is also created.

Is this what it is supposed to happen? Empty screen?

No :/

Can you try again in your app?

In my app I am getting the "flutter: ERROR | HostedUiStateMachine | Emitted error: UnknownException {
"message": "(invalidRequest) invalid_scope" error

If you prefer we can also join a voice channel where I can share my screen to speed up the progress. We can post the solution here afterwards, if that's is possible of course.

I may be able to do that tomorrow. Sorry, I'm jumping back and forth between things right now.

Okay, Let me know about your availability for this.

Oh I see one more issue in your App Client Hosted UI config. Like we added the aws.cognito.signin.user.admin scope before, can you also add the phone scope to the list of OpenID Connect scopes and try signing in with your app again?

Yes, it worked with the following configuration:

I have similar issue with the Apple login also, can you also help with that?

Phew!

Sure, let me refresh on Apple real quick

Do you also have a Web project that you use with Amplify? I'm very confused how your configuration became that way. When I set up a new project with Google sign in I get the last image you sent for my Hosted UI settings 🤔

No, I don't but while trying to solve other issues I might have messed up with the settings.

Okay, gotcha. No worries at all, just want to make sure I don't need to open an issue with the CLI team.

I am pretty sure there isn't any problem with cli. I think the issue was the callback URLs and while trying to solve that issue I messed up other stuff 😅

Roger that! 😄

For Apple, have you completed the steps here? https://docs.amplify.aws/lib/auth/social/q/platform/flutter/#configure-auth-category specifically have you updated the domains and return URLs section on this screen?

It should be like this right?
I have different UI here in the "Sign in with Apple" conf.

That looks like the configuration for the App ID. There should be a similar configuration for the Service ID. If you go to the Identifiers screen and click the tab in the top right you can change the view to Service IDs.

Oh yeah, I configured before but after setting up the auth with cli I didn't change the url, so I am going to change that and try. Thanks for your help!

Okay, sounds good. And my pleasure! Let me know if it works 🙂

Yeah! Thanks a lot!🙏

🥳

So glad it worked! Please let me know if you run into any more issues.

✅ - Invalid State