Widen / cloudfront-auth

An AWS CloudFront Lambda@Edge function to authenticate requests using Google Apps, Microsoft, Auth0, OKTA, and GitHub login
ISC License

stuck in redirect loop #81

Open ashtonian opened 3 years ago

ashtonian commented 3 years ago

Hi - love the plugin. I'm stuck in a redirect loop and I'm not sure why? I wonder if it's because the lambda is attached to the http->https redirect behavior? Not sure what it should be otherwise.

here is the config json:

{
    "AUTH_REQUEST": {
        "client_id": "id",
        "redirect_uri": "https://mydomain/oauth2/callback",
        "scope": "read:org user:email"
    },
    "TOKEN_REQUEST": {
        "client_id": "id",
        "client_secret": "secret",
        "redirect_uri": "https://mydomain/oauth2/callback"
    },
    "DISTRIBUTION": "distro",
    "AUTHN": "GITHUB",
    "PRIVATE_KEY": "",
    "PUBLIC_KEY": "",
    "SESSION_DURATION": 3600,
    "CALLBACK_PATH": "/oauth2/callback",
    "ORGANIZATION": "myorg",
    "AUTHORIZATION_ENDPOINT": "https://github.com/login/oauth/authorize",
    "TOKEN_ENDPOINT": "https://github.com/login/oauth/access_token"
}

CF Origin: [image]

CF http -> https Behavior: [image]

ashtonian commented 3 years ago

Haven't had any luck, used https://github.com/scalefactory/terraform-cloudfront-auth to see if I was doing something wrong and I'm still not sure what's up. Wondering if it's a conflict around index.html. But either way I get a redirect loop.

ashtonian commented 3 years ago

I think I figured it out, after trial and error with the terraform module. It seems the lambda doesn't like nested paths for the callback path. If my callback url is set to /blah it works but if it's set to /blah/blah it fails in a loop.
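
A pre-deploy check for the config posted in this issue, as an added example that is not part of the thread or of the cloudfront-auth code base: it verifies that both `redirect_uri` values are https, match each other and match `CALLBACK_PATH`, and flags a multi-segment `CALLBACK_PATH`, the condition reported above to loop. The function name `checkConfig` and the assumption that the callback is recognised by comparing the request path to `CALLBACK_PATH` are hypothetical.

```javascript
// Added example: lint a cloudfront-auth style config.json before deploying.
// Keys are those in the config posted above; the checks are assumptions
// drawn from this thread, not the project's own validation logic.
function checkConfig(cfg) {
  const findings = [];
  const callback = cfg.CALLBACK_PATH || "";
  const uris = [];
  for (const section of ["AUTH_REQUEST", "TOKEN_REQUEST"]) {
    const uri = (cfg[section] || {}).redirect_uri;
    let parsed;
    try {
      parsed = new URL(uri);
    } catch (err) {
      findings.push(`${section}.redirect_uri is missing or not an absolute URL`);
      continue;
    }
    uris.push(uri);
    if (parsed.protocol !== "https:") {
      findings.push(`${section}.redirect_uri is not https`);
    }
    // Assumption: the function spots the OAuth callback by request path.
    if (parsed.pathname !== callback) {
      findings.push(`${section}.redirect_uri path ${parsed.pathname} differs from CALLBACK_PATH ${callback}`);
    }
  }
  // OAuth 2.0 requires the token request to repeat the same redirect_uri.
  if (uris.length === 2 && uris[0] !== uris[1]) {
    findings.push("AUTH_REQUEST and TOKEN_REQUEST redirect_uri values differ");
  }
  // Condition reported in this thread: /blah works, /blah/blah loops.
  const segments = callback.split("/").filter(Boolean);
  if (segments.length > 1) {
    findings.push(`CALLBACK_PATH ${callback} is nested (${segments.length} segments)`);
  }
  return findings;
}

// Constructed sample: the relevant keys of the posted config, placeholders kept.
const posted = {
  AUTH_REQUEST: { redirect_uri: "https://mydomain/oauth2/callback" },
  TOKEN_REQUEST: { redirect_uri: "https://mydomain/oauth2/callback" },
  CALLBACK_PATH: "/oauth2/callback",
};
console.log(checkConfig(posted));
```

An empty result means the three path settings are consistent and single-segment; it does not confirm that the CloudFront behavior itself is attached correctly.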