Allowing multiple redirectSignIn/redirectSignOut urls breaks federated auth #2792
Comments
Multiple signin and signout URIs need to be supported from the JS Lib as it's supported by the Cognito service. Transferring over to the JS Lib team. |
Marking this as a feature request as it is something that is not implemented today. |
Sorry guys but in fact, this is a normal behavior. Setup Then you get a Why ? What can you do ?
and,
Full code & example Next steps
|
I'd like to first comment that I'm really impressed with this library, and I'd like to give a hearty thank you to the teams that have added so many useful, well-integrated, and multi-faceted features.
I disagree that this is "normal behavior". The CLI has the capability to add multiple The code you posted does serve as a workaround to this issue, but it is not really satisfactory, because you're hard-coding values in the code that overwrite the generated values in the config. This defeats the purpose of using the CLI and the config generation capabilities.
In my opinion, supporting the multiple redirect urls, and detecting when to use which is an implementation detail that should be abstracted away by the library. |
+1 to @djheru . In addition, Amplify allows multiple environments, for each of which there is a separate cognito user pool created. The whole point of aws-exports.js generated during build time was for it to figure out what parameters to configure Amplify with. If we cannot figure out what redirectURI to use per environment during build time, that kinda defeats the purpose of this aws-exports.js being generated. |
I think that the most dynamic solution would be to have named/aliased redirects that are stored in amplify config and added to the aws-exports file. This would allow for normalization across multiple environments and also enable selection of which redirect path to use. For me, my main challenge is always to use localhost vs the actual hosted webapp. That would look something like:
This would allow us to whitelist all of those various domains in the Cognito Hosted UI and social providers but also select them conveniently in the frontend code without duplicate sources of truth. I also noticed while typing this that the aws-exports file does not include an environment name (e.g. env: 'dev'). This seems like a missing feature that would simplify this context management in the frontend when Amplify doesn't do so automatically. |
It sounds more like amplify publish should update its aws-exports.js before uploading to point to the URL based on aws_content_delivery_url in same file - and that npm start should use the aws-exports.js localhost always (i.e. not updating the file). That seems much simpler than our code dealing with it or hard coding - Am I missing something? (New to Amplify). |
Here's my workaround to this problem, should it be useful to someone else. It applies to Angular, but I'm sure can be adapted to any other front-end toolset: I added this hack to the Angular
This selects the localhost URL for development, and the |
I ended up with a similar solution, but it works just fine
|
@djheru you pretty much read my mind on this script. Thanks for developing it and posting it so I didn't have to! |
I can also confirm that having multiple redirect URLs in your awsconfiguration.json will break federated auth. Additionally, |
I did the similar workaround with the above and it worked. I'm sharing the code as this could be one of the smallest code examples -

```js
import Amplify from "aws-amplify";
import awsconfig from "./aws-exports";

// Replace the comma-separated values from aws-exports with the current origin.
awsconfig.oauth.redirectSignIn = `${window.location.origin}/`;
awsconfig.oauth.redirectSignOut = `${window.location.origin}/`;
Amplify.configure(awsconfig);
```

Note that this works only when your |
+1, this feature seems important and needed, please prioritize!!! |
For someone who cannot access to

```ts
import awsconfig from "./aws-exports";

// Pick one URL from the comma-separated list: the http://localhost entry for
// local development, otherwise the first https:// entry.
function findUrlForEnv(urlStrings: Array<string>, isLocal: boolean): string {
  if (urlStrings.length === 1) return urlStrings[0];
  const re: RegExp = isLocal ? /^http:\/\/localhost/ : /^https:\/\//;
  const [url]: Array<URL> = urlStrings
    .filter((urlString) => urlString.match(re))
    .map((urlString) => new URL(urlString));
  if (!url) throw new Error("No valid URL found: " + urlStrings.join(","));
  return url.href;
}

function isDevelopment() {
  const { NODE_ENV } = process.env;
  return NODE_ENV === "development";
}

const redirectSignIn = findUrlForEnv(
  awsconfig.oauth.redirectSignIn.split(","),
  isDevelopment()
);
```

|
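An added example (not code from this thread or from Amplify) of the same workaround with stricter selection: it returns the configured entry whose origin exactly matches the current one and throws when none matches, so only values already present in the generated config are ever used. The function names and the sample value are illustrative, and the HTTPS-or-localhost rule is an assumption for browser apps.

```javascript
// Added example. Function names are illustrative, not Amplify APIs.
// Constructed sample mirroring the comma-separated value quoted in the issue.
const SAMPLE_REDIRECTS =
  "http://localhost:3000/,https://d32tfey1ge36f1.cloudfront.net/";

// Split the list and validate every entry up front.
function parseRedirectList(csv) {
  return csv
    .split(",")
    .map((s) => s.trim())
    .filter((s) => s.length > 0)
    .map((raw) => {
      const u = new URL(raw); // throws TypeError on a malformed entry
      // Assumption for browser apps: plain http is tolerated for localhost only.
      if (u.protocol !== "https:" && u.hostname !== "localhost") {
        throw new Error(`Refusing non-HTTPS redirect URI: ${raw}`);
      }
      return { raw, origin: u.origin };
    });
}

// Return the configured entry whose origin equals currentOrigin exactly.
// The raw string is returned unchanged because the identity provider compares
// redirect_uri against the registered callback URL.
function pickRedirectUri(csv, currentOrigin) {
  const match = parseRedirectList(csv).find((e) => e.origin === currentOrigin);
  if (!match) {
    throw new Error(`No configured redirect URI for origin ${currentOrigin}`);
  }
  return match.raw;
}

// Copy of the config with single-valued redirects; the input is not mutated.
function withSingleRedirects(config, currentOrigin) {
  const { redirectSignIn, redirectSignOut } = config.oauth;
  return {
    ...config,
    oauth: {
      ...config.oauth,
      redirectSignIn: pickRedirectUri(redirectSignIn, currentOrigin),
      redirectSignOut: pickRedirectUri(redirectSignOut, currentOrigin),
    },
  };
}
```

In the browser, pass `window.location.origin` as `currentOrigin` and hand the returned object to `Amplify.configure`.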
My federated config works locally but doesn't work in prod in a Gatsby project. I am pretty sure it's related to the switching of the redirect URIs |
Just for new Amplify users like me who come across this issue, they just want to add a production URI to the login redirect. You should just use one URI per environment: In command line, do:
to add a production environment You can switch env:
before you build the production version of code. |
Describe the bug
Using the Amplify CLI to add multiple redirectSignIn/redirectSignOut URLs results in a broken config

To Reproduce
Steps to reproduce the behavior:
amplify add auth to set up a federated auth config
redirectSignIn url, e.g. http://localhost:3000
redirectSignIn url, e.g. https://d32tfey1ge36f1.cloudfront.net/
redirectSignOut urls
"redirectSignIn": "http://localhost:3000/,https://d32tfey1ge36f1.cloudfront.net/",

Expected behavior
The CLI should not allow multiple URLs to be entered if that results in a non-working config

Additional context
Using Google as the OAuth provider, the following invalid URI is generated due to the multiple comma-separated urls being set as the redirect_uri value:

Notice the redirect_uri parameter has both URLs.

I solved this problem in my react.js app by overriding the awsmobile config something like this: