Dan6erbond / sk-auth

Authentication library for use with SvelteKit featuring built-in OAuth providers and zero restriction customization!
MIT License

session.user undefined if all tokens are added to it with AWS cognito oauth2 flow #107

Open sebastianhutter opened 2 years ago

sebastianhutter commented 2 years ago

I am trying to add authentication for AWS cognito with sk-auth.

This is my current src/lib/appAuth.ts file

```ts
import { SvelteKitAuth } from "sk-auth";
import { dev } from '$app/env';
import {
    OAuth2Provider
} from "sk-auth/providers";

const DOMAIN = import.meta.env.VITE_COGNITO_DOMAIN;
export const appAuth = new SvelteKitAuth({
    protocol: dev ? 'http' : 'https',
    providers: [
        new OAuth2Provider({
            id: 'cognito',
            accessTokenUrl: `https://${DOMAIN}/oauth2/token`,
            profileUrl: `https://${DOMAIN}/oauth2/userInfo`,
            authorizationUrl: `https://${DOMAIN}/oauth2/authorize`,
            clientId: import.meta.env.VITE_COGNITO_CLIENT_ID,
            clientSecret: import.meta.env.VITE_COGNITO_CLIENT_SECRET,
            scope: ['openid', 'email'],
            contentType: 'application/x-www-form-urlencoded',
            profile(profile, tokens) {
                return {
                    ...profile,
                    access_token: tokens.access_token,
                    id_token: tokens.id_token,
                    refresh_token: tokens.refresh_token,
                    provider: 'cognito'
                };
            }
        })
    ]
});
```

I am testing the login with this index.svelte file


```svelte
<script lang="ts">
    import { session } from "$app/stores";
    import { signOut as authSignOut } from "sk-auth/client";

    function signIn() {
        location.assign('/api/auth/signin/cognito?redirect=/');
    }

    function signOut() {
        authSignOut().then(session.set);
    }

    console.log($session.user)
</script>

{#if !$session.user}
    <button on:click="{signIn}">Log In with Cognito</button>
{:else}
    <p>You are logged in as: {$session.user.email}!</p>
    <button on:click={signOut}>Log Out</button>
{/if}
```

The authentication works, but as soon as I pass more than one token to the session.user the login breaks and the session.user remains "undefined":


When I am removing all but one token from the OAuth2 Configuration the object is passed as expected:

(src/lib/appAuth.ts)

```ts
...
...
            profile(profile, tokens) {
                return {
                    ...profile,
                    id_token: tokens.id_token,
                    provider: 'cognito'
...
...
```


Any clues why this happens? I assume this has to do with the size of the passed cookie / HTTP headers, but I do not know how to verify this assumption.
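One way to test the cookie-size assumption raised in the issue above, as an added example that is not part of the original post or of sk-auth. It assumes the object returned by `profile()` is serialized into a single HS256 JWT stored in one cookie; the cookie name `session_jwt`, the profile fields and the token lengths are constructed placeholders.

```javascript
// Added example with constructed data; not code from sk-auth.
// Assumption: the session object is serialized into one HS256 JWT kept in one cookie.
// RFC 6265 asks browsers to support at least 4096 bytes per cookie
// (name, value and attributes together); larger cookies may be dropped.
const COOKIE_LIMIT = 4096;

const b64url = (value) => Buffer.from(value).toString("base64url");

// Build a JWT-shaped string of the right length. The signature is placeholder
// bytes: HS256 always yields 32 bytes, and only the length matters here.
function sessionJwt(payload) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  return [header, b64url(JSON.stringify(payload)), b64url(Buffer.alloc(32))].join(".");
}

// Size of the Set-Cookie line a browser has to store for this session.
// "session_jwt" is a hypothetical cookie name.
function cookieReport(user, attributes = "Path=/; HttpOnly") {
  const cookie = `session_jwt=${sessionJwt({ user })}; ${attributes}`;
  const bytes = Buffer.byteLength(cookie);
  return { bytes, limit: COOKIE_LIMIT, fits: bytes <= COOKIE_LIMIT };
}

// Constructed stand-ins for Cognito tokens; substitute the real strings
// (or strings of the same lengths) seen inside profile() to check an actual login.
const tokens = {
  access_token: "a".repeat(1000),
  id_token: "i".repeat(1000),
  refresh_token: "r".repeat(1800),
};
const profile = { sub: "constructed-sub", email: "user@example.com", email_verified: "true" };

const allTokens = cookieReport({ ...profile, ...tokens, provider: "cognito" });
const idTokenOnly = cookieReport({ ...profile, id_token: tokens.id_token, provider: "cognito" });

console.log("all three tokens:", allTokens);
console.log("id_token only:  ", idTokenOnly);
```

Wrapping the tokens in a JWT base64url-encodes them a second time, so the cookie grows by roughly a third over the raw token lengths. Comparing the result with the `Set-Cookie` header in the browser's network tab for the callback response confirms whether the cookie was actually sent and then discarded.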