So here is my issue.
error_description=username+attribute+mapping+required&error=invalid_request
Also Ngrok is returing 400 back to the Cognito client but that's probably because the wrapper doesn't resolve correctly because of the 403.
debug: Signing payload {"iss":"https://<retracted>","aud":"<retracted>"}
debug: Resolved token response: {"access_token":"<retracted>","expires_in":28800,"refresh_token":"<retracted>"}
debug: Token for (<retracted>, undefined, <retracted>) provided
info: Providing access to JWKS: {"keys":[{"alg":"RS256","kid":"jwtRS256","kty":"RSA","n":"<retracted>","e":"AQAB"}]}
error: Failed to provide user info: Request failed with status code 403
debug: Checking response: [Circular]
debug: Fetched user details: {"login":"<retracted>","id":<retracted>,"node_id":"<retracted>","avatar_url":"<retracted>","gravatar_id":"","url":"https://api.github.com/users/<retracted>","html_url":"https://github.com/<retracted>","followers_url":"https://api.github.com/users/<retracted>/followers","following_url":"https://api.github.com/users/<retracted>/following{/other_user}","gists_url":"https://api.github.com/users/<retracted>/gists{/gist_id}","starred_url":"https://api.github.com/users/<retracted>/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/<retracted>/subscriptions","organizations_url":"https://api.github.com/users/<retracted>/orgs","repos_url":"https://api.github.com/users/<retracted>/repos","events_url":"https://api.github.com/users/<retracted>/events{/privacy}","received_events_url":"https://api.github.com/users/<retracted>/received_events","type":"User","site_admin":false,"name":"<retracted>","company":"<retracted> <retracted> ","blog":"http://github.com/<retracted>","location":"<retracted>","email":"<retracted>","hireable":true,"bio":null,"twitter_username":"<retracted>","public_repos":77,"public_gists":12,"followers":12,"following":17,"created_at":"2013-01-01T10:44:40Z","updated_at":"2021-02-07T21:49:19Z"}
debug: Resolved claims: {"sub":"<retracted>","name":"<retracted>","preferred_username":"<retracted>","profile":"https://github.com/<retracted>","picture":"https://avatars.githubusercontent.com/u/<retracted>?v=4","website":"http://github.com/<retracted>","updated_at":1612734559}
error: Failed to provide user info: Request failed with status code 403
debug: Checking response: [Circular]
debug: Fetched user details: {"login":"<retracted>","id":<retracted>,"node_id":"<retracted>","avatar_url":"https://avatars.githubusercontent.com/u/<retracted>?v=4","gravatar_id":"","url":"https://api.github.com/users/<retracted>","html_url":"https://github.com/<retracted>","followers_url":"https://api.github.com/users/<retracted>/followers","following_url":"https://api.github.com/users/<retracted>/following{/other_user}","gists_url":"https://api.github.com/users/<retracted>/gists{/gist_id}","starred_url":"https://api.github.com/users/<retracted>/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/<retracted>/subscriptions","organizations_url":"https://api.github.com/users/<retracted>/orgs","repos_url":"https://api.github.com/users/<retracted>/repos","events_url":"https://api.github.com/users/<retracted>/events{/privacy}","received_events_url":"https://api.github.com/users/<retracted>/received_events","type":"User","site_admin":false,"name":"Jón Levy","company":"@ruv-ohf @andesorg ","blog":"http://github.com/<retracted>","location":"<retracted>","email":"<retracted>","hireable":true,"bio":null,"twitter_username":"<retracted>","public_repos":77,"public_gists":12,"followers":12,"following":17,"created_at":"2013-01-01T10:44:40Z","updated_at":"2021-02-07T21:49:19Z"}
debug: Resolved claims: {"sub":"<retracted>","name":"<retracted>","preferred_username":"<retracted>","profile":"https://github.com/<retracted>","picture":"https://avatars.githubusercontent.com/u/<retracted>?v=4","website":"http://github.com/<retracted>","updated_at":1612734559}