-
-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need troubleshooting recommendations after successful? install #11
Comments
More questions about what the app client settings need to be for each of these:
|
After creating a new app client and telling it not to generate a client secret, I'm no longer getting the previous error, just |
The required cognito setup should be descibed here and here. (I mention this because if it's not, I should update the documentation). I think the only App Client setting you need is to ensure that your github identity provider is enabled in the AWS console - under Enabled Identity Providers on the App Client Settings screen (under App Integration). Generally, your app client settings shouldn't matter for this shim though, since your cognito app client doesn't talk to the shim. The following diagram might help:
Remember that from GitHub's perspective, For the first error, were you correctly setting the client secret? This is
It depends what you mean. Cognito can do 2FA for you - that's beyond the scope of this shim, though. It should also handle github accounts with 2FA enabled - my GitHub account has 2FA enabled and it works fine. In the early development, I did have some problems authorising the github app when github wanted to do the 2FA challenge first (the 2FA challenge would appear, and then I'd get a 500 error when I put in the code). I think this was a GitHub bug which has since been solved (because I haven't experienced it again). I worked around it by logging in to github in a different tab first.
Unfortunately, Cognito doesn't have any logs for debugging. If you suspect the shim is the problem, you can run it locally with the node instructions and watch the traffic (let me know if you want help with this). If you suspect your app client is the problem, you could enable another identity provider (eg Google) and test logging in with that. Where exactly is |
You asked about these specific setttings:
I don't think these settings are relevant to this shim (because they're about your app client, not the shim) - but since it's easy for me to tell you mine: I have a client secret generated, and the others are not checked. If your cognito app client settings are the problem, I suspect the problem is to do with your app, and not this shim. |
Thanks for the detailed response! I did put the client id and secret into my config.sh file as directed. The error message I'm getting is being displayed on the boilerplate login page that I'm using as part of the AWS Amplify framework. I'm not getting redirected to the github login page. |
I'm going to close this because it doesn't seem related to this repository. Please feel free to reopen if this changes or you have anything to add. |
I've been able to follow your installation instructions successfully. After setting this up, deploying the lambda stack and API gateway, creating a new OIDC provider for it, creating a new Cognito app client, setting my github shim as its identity provider, and configuring an AWS Amplify app to use this app client for its auth, I'm currently getting the following error when trying to log in with my github username and password:
Hoping you might help answer a few questions:
The text was updated successfully, but these errors were encountered: