From 44f1bb66c29a15d2f9d223b82858a3d344cf7fe3 Mon Sep 17 00:00:00 2001
From: Al <altynbek.usenov@gmail.com>
Date: Sat, 20 Sep 2025 19:37:49 +1000
Subject: [PATCH 1/2] docs: Mention custom domain option for Amazon Cognito

---
 docs/resource_owners/amazon_cognito.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/resource_owners/amazon_cognito.md b/docs/resource_owners/amazon_cognito.md
index 64f004128..5ebb5a14f 100644
--- a/docs/resource_owners/amazon_cognito.md
+++ b/docs/resource_owners/amazon_cognito.md
@@ -21,7 +21,7 @@ hwi_oauth:
             scope:               "email openid" #needs to be enabled in cognito (profile, phone)
             options:
                 region: <pool_region>
-                domain: <pool_domain>
+                domain: <pool_domain> or <custom_domain> like https://yoursite.com 
 ```
 
 When you're done. Continue by configuring the security layer or go back to

From c6530a32e465782d8208d74fd8a15662a726cc78 Mon Sep 17 00:00:00 2001
From: Al <altynbek.usenov@gmail.com>
Date: Sat, 20 Sep 2025 19:41:57 +1000
Subject: [PATCH 2/2] Handles absolute URLs in Amazon Cognito

Ensures that the resource owner URL normalizer correctly handles
absolute URLs, such as those starting with `http://` or `https://`,
passed to the domain option. This prevents incorrect URL
generation when an absolute URL is explicitly provided.
---
 src/OAuth/ResourceOwner/AmazonCognitoResourceOwner.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/OAuth/ResourceOwner/AmazonCognitoResourceOwner.php b/src/OAuth/ResourceOwner/AmazonCognitoResourceOwner.php
index bd964b35c..cf1dd9179 100644
--- a/src/OAuth/ResourceOwner/AmazonCognitoResourceOwner.php
+++ b/src/OAuth/ResourceOwner/AmazonCognitoResourceOwner.php
@@ -47,6 +47,10 @@ protected function configureOptions(OptionsResolver $resolver)
         ]);
 
         $normalizer = function (Options $options, $value) {
+            if (str_starts_with($options['domain'], 'https://') || str_starts_with($options['domain'], 'http://')) {
+                return str_replace('{base_url}', $options['domain'], $value);
+            }
+
             $baseUrl = \sprintf('https://%s.auth.%s.amazoncognito.com', $options['domain'], $options['region']);
 
             return str_replace('{base_url}', $baseUrl, $value);