01-tutorials - [Bug] "400 Client Error: Bad Request for url:" error in 05-mcp-server-as-a-target (Cognito domain URL case mismatch in get_token()) #812
Description
In which component is this bug present?
- 01-AgentCore-runtime
- 02-AgentCore-gateway
- 03-AgentCore-identity
- 04-AgentCore-memory
- 05-AgentCore-tools
- 06-AgentCore-observability
- 07-AgentCore-E2E
If you are reporting multiple bugs, please create a separate issue for each. For documentation improvements, use the documentation improvement issue type.
Bug Description
The get_token() functions in multiple tutorial files fail to authenticate with Cognito user pools due to a case mismatch between domain creation and URL construction. This causes 400 Bad Request errors when requesting
OAuth tokens. It keeps 05-mcp-server-as-a-target from running sometimes and is present in 11-api-gateway-as-a-target and 04-integration/02-runtime-gateway-mcp-toolkit.
Root Cause:
AWS Cognito automatically creates user pool domains in lowercase, but the get_token() functions construct OAuth endpoint URLs without converting the user pool ID to lowercase, resulting in invalid URLs that return
400 Bad Request errors.
Affected Files:
- 01-tutorials/02-AgentCore-gateway/utils.py (line 160)
- 01-tutorials/02-AgentCore-gateway/11-api-gateway-as-a-target/utils.py (line 85)
- 01-tutorials/02-AgentCore-gateway/04-integration/02-runtime-gateway-mcp-toolkit/agentcore_toolkit/utils.py (line 307)
Current Behavior
1. Domain creation correctly uses lowercase: user_pool_id.replace("_", "").lower()
2. URL construction incorrectly omits lowercase: user_pool_id.replace("_", "")
3. Results in 400 Bad Request errors when calling OAuth token endpoint
Expected Behavior
Both domain creation and URL construction should use consistent lowercase formatting.
Screenshots
If applicable, add screenshots to help explain your problem.