Redirect Mismatch Error (OIDC - AWS Cognito)

I am trying to add OpenID Connect with opendistro elasticsearch and kibana using AWS Cognito.

Here is my config.yml for security plugin:

   basic_internal_auth_domain:
             description: "Authenticate via HTTP Basic against internal users database"
             http_enabled: true
             transport_enabled: true
             order: 0
             http_authenticator:
               type: basic
               challenge: false
             authentication_backend:
               type: internal
 
     openid_auth_domain:
             http_enabled: true
             transport_enabled: true
             order: 1
             http_authenticator:
               type: openid
               challenge: false
               config:
                 subject_key: sub
                 roles_key: roles
                 openid_connect_url: https://cognito-idp.eu-west-1.amazonaws.com/eu-west-XXXXXXXX/.well-known/openid-configuration
             authentication_backend:
               type: noop

and kibana.yml looks like:

opendistro_security.auth.type: "openid"
opendistro_security.openid.connect_url: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-XXXXXXXXXX/.well-known/openid-configuration"
opendistro_security.openid.client_id: "XXXXXXXXXXXX"
opendistro_security.openid.client_secret: "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
opendistro_security.openid.base_redirect_url: "https://subdomain.domain.tld:5601"

the callback url in AWS Cognito User Poll App Client is set to:

https://subdomain.domain.tld:5601

When I go to https://subdomain.domain.tld:5601 it redirects to cognito hosted ui for auth but gives error?error=redirect_mismatch&client_id=XXXXXXXXXXXXXXXXXX error

How do I solve this problem?