Failed authentication with AWS Cognito


My team is running a self-managed GitLab installation on AWS behind an ALB to terminate SSL connections.

We are using CE version 13.0.1.

We would like to authenticate users with Cognito and have followed this documentation:

But after clicking the Cognito button, we receive this error:


Here is the relevant section of /etc/gitlab/gitlab.rb:

Here is our Cognito app client:

We have also tried with the /oauth2/idpresponse path. This is confusing since the Client IDs are identical. Any help would be much appreciated!