Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does amplify vue Authentication Components support Authorization Code Flow with PKCE? #3659

Closed
hanslai opened this issue Jul 15, 2019 · 4 comments
Labels
pending-close-response-required A response is required for this issue to remain open, it will be closed within the next 7 days.
Milestone

Comments

@hanslai
Copy link

hanslai commented Jul 15, 2019

I would like to use Authorization Code Flow with PKCE for our SPA (Vue) and Mobile APP.

but it seems to me that the Amplify Vue SignIn component use SRP to login the user and get the tokens? Is this less secure then use "Hosted UI" by Cognito which follow the Open ID Connect standard?

So, does amplify vue Authentication Components support Authorization Code Flow with PKCE?
or should I just use the Amplify Authentication api https://aws-amplify.github.io/docs/js/authentication#working-with-the-api if I want to follow the Open ID Connect standard?

Which Category is your question related to?
amplify vue component with Authorization Code Flow with PKCE support

What AWS Services are you utilizing?
Cognito User Pool

@haverchuck haverchuck added this to the Auth v2 milestone Jul 16, 2019
@stale
Copy link

stale bot commented Aug 15, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the pending-close-response-required A response is required for this issue to remain open, it will be closed within the next 7 days. label Aug 15, 2019
@stale
Copy link

stale bot commented Aug 22, 2019

This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.

@stale stale bot closed this as completed Aug 22, 2019
@juancpgo
Copy link

I would like to use Authorization Code Flow with PKCE for our SPA (Vue) and Mobile APP.

but it seems to me that the Amplify Vue SignIn component use SRP to login the user and get the tokens? Is this less secure then use "Hosted UI" by Cognito which follow the Open ID Connect standard?

So, does amplify vue Authentication Components support Authorization Code Flow with PKCE?
or should I just use the Amplify Authentication api https://aws-amplify.github.io/docs/js/authentication#working-with-the-api if I want to follow the Open ID Connect standard?

Which Category is your question related to?
amplify vue component with Authorization Code Flow with PKCE support

What AWS Services are you utilizing?
Cognito User Pool

I'm currently facing the same dilemma. If you don't mind sharing, how did you end up deciding between SRP and PKCE, in terms of security and Amplify support?

@github-actions
Copy link

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
pending-close-response-required A response is required for this issue to remain open, it will be closed within the next 7 days.
Projects
None yet
Development

No branches or pull requests

3 participants