Failed authentication with AWS Cognito

Hello,

My team is running a self-managed GitLab installation on AWS behind an ALB to terminate SSL connections.

We are using CE version 13.0.1.

We would like to authenticate users with Cognito and have followed this documentation:

https://docs.gitlab.com/ce/administration/auth/cognito.html
https://docs.gitlab.com/ee/integration/omniauth.html#initial-omniauth-configuration

But after clicking the Cognito button, we receive this error:

image

Here is the relevant section of /etc/gitlab/gitlab.rb:
image

Here is our Cognito app client:

We have also tried with the /oauth2/idpresponse path. This is confusing since the Client IDs are identical. Any help would be much appreciated!