Comments (4)
Hi. I had the same issue and after a lot of troubleshooting I got to the following conclusion (and fix).
When you log out, the "handle" class goes through all if and exception cases and eventually ends up in `this._getRedirectToCognitoUserPoolResponse`.
That thing is supposed to serve you a cognito /authorize page with specific parameters, however if there is a user session still alive in cognito, e.g. you logged in 10 minutes ago, this page auto-generates a new code and redirects you back to the base url, the lambda gets the new ?code=... and issues new tokens for you.
Maybe I'm not familiar enough with cognito and oauth in general and there is a better way to configure the auth protocol which will make the /authorize endpoint work as I need it to, but in my case changing the /authorize link to /login worked exactly as I intended. Now, the user has the option to log back in with his existing session or sign in as another user.
git diff (`src/index.ts`, line 547):
- const userPoolUrl = `https://${this._userPoolDomain}/authorize?redirect_uri=${oauthRedirectUri}&response_type=code&client_id=${this._userPoolAppId}&state=${state}`;
+ const userPoolUrl = `https://${this._userPoolDomain}/login?redirect_uri=${oauthRedirectUri}&response_type=code&client_id=${this._userPoolAppId}&state=${state}`;
+ //const userPoolUrl = `https://${this._userPoolDomain}/authorize?redirect_uri=${oauthRedirectUri}&response_type=code&client_id=${this._userPoolAppId}&state=${state}`;
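Review bot: the commented-out `/authorize` line added after the replacement should be dropped rather than kept as a comment; version control already records the old URL, and a stale commented copy leaves it unclear which endpoint is live. Worth stating in the change description what this does and does not fix: `/login` forces the hosted UI sign-in page, but the hosted UI session at the Cognito domain stays valid, so any request that still reaches `/authorize` while that session is alive will be re-authenticated silently with a fresh code, exactly the behaviour described above. Fully ending the session needs the user pool `/logout` endpoint, which the library's `logoutConfiguration` is configured for in the posted `index.js`.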
I also have userPoolAppSecret included, but I don't think it's necessary to have it.
My Lambda@Edge index.js:
```js
const { Authenticator } = require('cognito-at-edge');

const authenticator = new Authenticator({
  region: 'eu-central-1', // user pool region
  userPoolId: 'eu-central-1_someid', // user pool ID
  userPoolAppId: 'user-pool-appid', // user pool app client ID
  userPoolAppSecret: 'user-pool-secret', // user pool app client secret
  userPoolDomain: 'my-cloudfront.auth.eu-central-1.amazoncognito.com', // user pool domain
  logoutConfiguration: {
    logoutUri: "/logout",
    logoutRedirectUri: "/index.html"
  },
  cookieDomain: "my.cloudfront.domain.com",
  cookiePath: "/",
  cookieSettingsOverrides: {
    idToken: {
      expirationDays: 1
    },
    accessToken: {
      expirationDays: 1
    },
    refreshToken: {
      expirationDays: 7
    }
  },
  logLevel: 'trace'
});

exports.handler = async (request) => authenticator.handle(request);
```
from cognito-at-edge.
@aalexiev42
Thanks for sharing your solution.
In my case, I needed to log out the user and reset the Cognito session fully, so I ended up with a similar approach, but redirecting to the user pool domain's /logout URL.
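The two workarounds in this thread, the `/login` redirect from the first comment and the `/logout` redirect from this one, as an added example that is not part of cognito-at-edge or either commenter's code. It is a small Lambda@Edge viewer-request handler that intercepts the logout path, expires the application's token cookies, and sends the browser to the Cognito hosted UI `/logout` endpoint so the hosted UI session itself is ended; that endpoint's `client_id` and `logout_uri` parameters are real Cognito parameters. The domain and client id placeholders are taken from the posted config; `appOrigin`, the cookie names, and all function names are assumptions for this example.

```javascript
// Added example (not cognito-at-edge code). Ends both the app's cookie
// session and the Cognito hosted UI session on logout, instead of sending the
// browser to /authorize, which silently re-issues a code while the hosted UI
// session at the Cognito domain is still alive.

const CONFIG = {
  userPoolDomain: 'my-cloudfront.auth.eu-central-1.amazoncognito.com', // placeholder from the thread
  userPoolAppId: 'user-pool-appid', // placeholder from the thread
  logoutUri: '/logout',
  logoutRedirectUri: '/index.html',
  appOrigin: 'https://my.cloudfront.domain.com', // assumed: the CloudFront site origin
  cookieDomain: 'my.cloudfront.domain.com',
  cookiePath: '/',
  // Constructed cookie names; replace with the names your deployment issues.
  cookieNames: ['idToken', 'accessToken', 'refreshToken'],
};

// Build a hosted UI URL for 'login', 'authorize' or 'logout'. URLSearchParams
// handles the percent-encoding of redirect_uri / logout_uri.
function buildHostedUiUrl(domain, endpoint, params) {
  const url = new URL(`https://${domain}/${endpoint}`);
  for (const [key, value] of Object.entries(params)) {
    url.searchParams.set(key, value);
  }
  return url.toString();
}

// Set-Cookie value that expires one cookie on the same Domain/Path it was set
// with (a mismatch would leave the original cookie in place).
function expireCookie(name, domain, path) {
  return `${name}=; Domain=${domain}; Path=${path}; Max-Age=0; ` +
    'Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=Lax';
}

// CloudFront response: clear the token cookies, then 302 to Cognito /logout,
// which clears the hosted UI session and returns the browser to logout_uri.
// logout_uri must be registered as a sign-out URL on the app client.
function buildLogoutResponse(cfg) {
  const location = buildHostedUiUrl(cfg.userPoolDomain, 'logout', {
    client_id: cfg.userPoolAppId,
    logout_uri: cfg.appOrigin + cfg.logoutRedirectUri,
  });
  return {
    status: '302',
    statusDescription: 'Found',
    headers: {
      location: [{ key: 'Location', value: location }],
      'set-cookie': cfg.cookieNames.map((name) => ({
        key: 'Set-Cookie',
        value: expireCookie(name, cfg.cookieDomain, cfg.cookiePath),
      })),
      'cache-control': [{ key: 'Cache-Control', value: 'no-store' }],
    },
  };
}

// Viewer-request routing: only the logout path is handled here; any other
// request is returned unchanged for the regular authenticator to process.
function routeRequest(request, cfg = CONFIG) {
  if (request.uri === cfg.logoutUri) {
    return buildLogoutResponse(cfg);
  }
  return request;
}
```

For the sign-in side, `buildHostedUiUrl(CONFIG.userPoolDomain, 'login', { redirect_uri, response_type: 'code', client_id, state })` produces the `/login` URL from the first comment; the point of the logout path above is that it does not rely on the hosted UI ignoring its own session.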
+1