Open ankitgupta-ag opened 1 month ago
This has affected and prevented us from using AWS Cognito.
https://github.com/Chainlit/chainlit/blob/main/backend/chainlit/secret.py#L5
The `^` character is not accepted by AWS Cognito in a value to the `state` during `/oauth2/authorize`. We monkey-patched the issue for now by including this in our chainlit app.
```python
from chainlit import secret

# We have to do this because, `^` in the OAuth /authorize step
# trips up AWS Cognito. So we are monkey-patching out this
# character.
# FIXME: Remove this monkeypatch once chainlit fixes it
secret.chars = secret.chars.replace("^", "")
```
Looking forward to a long-term fix!
Describe the bug
AWS Cognito requires that calls to the `/oauth2/authorize` endpoint must have the `state` parameter `base64` encoded: https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html#get-authorize. Chainlit however simply creates a 32 character state randomly without encoding the string to `base64`: https://github.com/Chainlit/chainlit/blob/main/backend/chainlit/server.py#L370

This issue occurs randomly whenever the 32 character state has characters not typically found in a base64 string (like $, %, ^).
To Reproduce
Steps to reproduce the behavior:
1. `/oauth2/authorize`.
2. `state` parameter set in the `location` header in the response received from the Chainlit application.
3. `state` parameter has special characters, observe the `400` bad request error code from calls to the Cognito domain.
4. `/oauth2/authorize` succeed when `state` parameter no longer has special characters.

Expected behavior
The expectation is that Chainlit encodes the string to base64 before setting it as the state and calls the configured auth providers.
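An added example, not Chainlit's code and not part of the issue: it shows why a 32-character state drawn from an alphabet with special characters fails only intermittently, and one way to generate a 32-character state that is base64 as the issue requests. `SAMPLE_CHARS` is a constructed stand-in for the alphabet described above (not the real value of `secret.chars`), and all function names are hypothetical.

```python
import base64
import hmac
import secrets
import string
from urllib.parse import urlencode

# Alphabet of standard base64 (RFC 4648), without '=' padding.
BASE64_ALPHABET = set(string.ascii_letters + string.digits + "+/")

# Constructed stand-in: letters, digits and the three special characters
# named in the issue. NOT Chainlit's actual secret.chars value.
SAMPLE_CHARS = string.ascii_letters + string.digits + "$%^"


def p_rejected(chars: str, length: int = 32) -> float:
    """Probability that a random state of `length` characters drawn from
    `chars` contains at least one character outside the base64 alphabet."""
    ok = sum(1 for c in chars if c in BASE64_ALPHABET)
    return 1.0 - (ok / len(chars)) ** length


def new_state() -> str:
    """32-character state: 24 random bytes, base64-encoded. No padding is
    produced because 24 is a multiple of 3."""
    return base64.b64encode(secrets.token_bytes(24)).decode("ascii")


def is_base64(state: str) -> bool:
    """True if every character of a non-empty state is in the base64 alphabet."""
    return bool(state) and set(state) <= BASE64_ALPHABET


def authorize_query(client_id: str, redirect_uri: str, state: str) -> str:
    """Query string for /oauth2/authorize; urlencode percent-encodes '+' and '/'."""
    return urlencode({"response_type": "code", "client_id": client_id,
                      "redirect_uri": redirect_uri, "state": state})


def state_matches(expected: str, received: str) -> bool:
    """Constant-time comparison of the state returned on the callback."""
    return hmac.compare_digest(expected.encode(), received.encode())
```

With the stand-in alphabet, roughly three out of four generated states contain a character outside the base64 alphabet, which matches the "occurs randomly" behaviour reported above.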