[cognito] ALB dns name has upper case that cognito does not accept as a callback url #11171
Comments
I think a solution is to enforce the callback-url always to lower case. Currently, it is manual work after a deployment since a Token is generated. |
Unfortunately, there is not an easy way for the CDK to do anything here. Since the DNS name is generated as part of CloudFormation deployment, there is no way for the CDK to know/manipulate the DNS name. The workaround is to add a lambda backed custom resource that does this conversion. |
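The handler logic for the Lambda-backed custom resource suggested above could look like the following. This is an added example, not code from this thread or from the CDK. It assumes the CDK `custom-resources` Provider framework, whose handlers return a `PhysicalResourceId` and `Data`; the property name `DnsName` and the output field names are hypothetical.

```typescript
// Added example: onEvent logic for a Lambda-backed custom resource.
// DnsName (input) and the Data field names are assumptions of this example.
interface CustomResourceEvent {
  RequestType: "Create" | "Update" | "Delete";
  PhysicalResourceId?: string;
  ResourceProperties: { [key: string]: string | undefined };
}

interface CustomResourceResult {
  PhysicalResourceId: string;
  Data?: { DnsName: string; Changed: string };
}

// Constructed sample value in the shape of a generated ALB DNS name.
const SAMPLE_DNS = "MyStack-LoadB-1ABCDEFGHIJK-123456789.eu-west-1.elb.amazonaws.com";

// Dot-separated labels of letters, digits and hyphens, at most 253 characters.
const HOSTNAME =
  /^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/;

function lowerCaseDns(event: CustomResourceEvent): CustomResourceResult {
  if (event.RequestType === "Delete") {
    // No AWS resource was created, so deletion only echoes the id back.
    return { PhysicalResourceId: event.PhysicalResourceId ?? "lowercase-dns" };
  }
  const raw = (event.ResourceProperties.DnsName ?? "").trim();
  const lowered = raw.toLowerCase();
  // Fail the deployment instead of handing Cognito an empty value, a URL,
  // or an unresolved placeholder such as "${Token[...]}".
  if (!HOSTNAME.test(lowered)) {
    throw new Error(`DnsName is not a plain hostname: ${JSON.stringify(raw)}`);
  }
  return {
    PhysicalResourceId: event.PhysicalResourceId ?? `lowercase-dns-${lowered}`,
    Data: { DnsName: lowered, Changed: String(lowered !== raw) },
  };
}

// Lambda entry point would be: export const handler = async (e) => lowerCaseDns(e);
```

In the stack, the lowered value would be read with `getAttString("DnsName")` on the `CustomResource` and used to build the Cognito callback URL.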
@nija-at Thanks for taking a look into this. |
Internal ref w/ Cognito service: t.corp/D18522969 |
@nija-at has |
Hello, any updates on this issue? |
Amazing that this issue still exists. Definitely should be fixed by the Cognito team. For non-CDK users, an intrinsic ToLowerCase function for CFN templates would also help. If CDK team isn't going to do anything to help, can you guys please forward issue as appropriate and then close? |
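You can use the custom resource below to get the DNS OnCreate

```ts
// Imports assume CDK v2 (aws-cdk-lib); in CDK v1 the same names come from the @aws-cdk/* packages.
import { CfnOutput } from "aws-cdk-lib";
import { CompositePrincipal, PolicyStatement, Role, ServicePrincipal } from "aws-cdk-lib/aws-iam";
import { RetentionDays } from "aws-cdk-lib/aws-logs";
import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from "aws-cdk-lib/custom-resources";

// The code below runs inside a construct: `this`, `id` and `loadBalancer` come from the surrounding scope.

// Role used by the function that backs the custom resource.
const describeLoadBalancerRole = new Role(
  this,
  "DescribeLoadBalancersRole",
  {
    assumedBy: new CompositePrincipal(
      new ServicePrincipal("ec2.amazonaws.com"),
      new ServicePrincipal("elasticloadbalancing.amazonaws.com"),
      new ServicePrincipal("lambda.amazonaws.com")
    )
  }
);
// Read-only access to load balancer metadata.
describeLoadBalancerRole.addToPolicy(
  new PolicyStatement({
    resources: ["*"],
    actions: ["elasticloadbalancing:Describe*"]
  })
);
describeLoadBalancerRole.addToPolicy(
  new PolicyStatement({
    resources: ["*"],
    actions: [
      "ec2:DescribeInstances",
      "ec2:DescribeClassicLinkInstances",
      "ec2:DescribeSecurityGroups"
    ]
  })
);
// Calls ELBv2 describeLoadBalancers once, when the resource is created.
const describeLoadBalancer = new AwsCustomResource(
  this,
  "DescribeLoadBalancers",
  {
    resourceType: "Custom::DescribeLoadBalancers",
    onCreate: {
      service: "ELBv2",
      action: "describeLoadBalancers",
      parameters: {
        LoadBalancerArns: [loadBalancer.loadBalancerArn]
      },
      physicalResourceId: PhysicalResourceId.of(
        `${id}-AwsSdk-${loadBalancer.loadBalancerFullName}`
      )
    },
    policy: AwsCustomResourcePolicy.fromSdkCalls({
      resources: AwsCustomResourcePolicy.ANY_RESOURCE
    }),
    role: describeLoadBalancerRole,
    logRetention: RetentionDays.FIVE_DAYS
  }
);
// DNS name as returned by the API call, resolved at deploy time.
const loadBalancerTrueDnsName = describeLoadBalancer.getResponseField(
  "LoadBalancers.0.DNSName"
);
new CfnOutput(this, "loadbalancer-address", {
  value: loadBalancerTrueDnsName
});
```

If you don't mind using an additional lambda function, you can try this in your cdk: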
|
This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
I would say this should stay open. |
Keep this open |
This has been open for almost 3 and a half years, any update? |
I have a similar issue. Impossible to retrieve the load balancer dns name using CfnOutput. It always takes a value like ${token[token.XXX]}. Any update on it? Thanks |
By using the `aws-elasticloadbalancingv2-actions`, I noticed that the Cognito construct wants to have the callback URL in all lower case. Because it is not the case, the callback to the loadbalancer is not reached.
Reproduction Steps
Basically, I took it from here
What did you expect to happen?
A redirect to the loadbalancer.
What actually happened?
The cognito domain appends an `error`.
Environment
Other
This is 🐛 Bug Report