amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0

/oauth2/authorize redirects to empty error #124

Closed mymattcarroll closed 6 years ago

mymattcarroll commented 6 years ago

https://MY_APP.auth.ap-southeast-2.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2FMY_APP_DOMAIN%2Fcallback&response_type=token&client_id=MY_CLIENT_ID&state=STATE&scope=openid%20email has suddenly started redirecting to an empty error.

See screenshot below.

Is anyone else having this issue?

I am 99.9% sure that it is not a configuration issue as this has started happening for all 3 applications we have using this SDK. They were all working 24 hours ago and have suddenly started redirecting to this empty error screen.

image

ankon commented 6 years ago

I'm having the same issue.

What is "interesting" is that using /login rather than /oauth2/authorize in the URL seems to work. Definitely looks like something on AWS' or the SDK's side.

ankon commented 6 years ago

https://github.com/Collaborne/amazon-cognito-auth-js/commit/54d0e454f3f42957e722ef7a248df89fc91d6347 .

I've changed dependencies in our package.json so that we get this change:

diff --git a/package.json b/package.json
index dc1f74a..e26934b 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
-    "amazon-cognito-auth-js": "^1.1.5",
+    "amazon-cognito-auth-js": "https://github.com/Collaborne/amazon-cognito-auth-js#collaborne",
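
Review bot: the new `amazon-cognito-auth-js` value on the `+` line ends in `#collaborne`, a branch name on a fork, which is a mutable ref: a fresh install resolves whatever that branch holds at that moment, so the code that ships can change without any change to package.json. Pin the fragment after `#` to a full commit hash instead (for example the commit linked above the diff), and note alongside the change that the entry should go back to a published version range like the removed `^1.1.5` once a fixed release exists.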

(Note: I'll prepare a PR for this repository, but somehow I'm not sure that it'll get much attention. OTOH I also cannot promise that the above repository will be available forever, so I'd suggest you create your own fork :D)

andrewcharlton commented 6 years ago

:+1: We are encountering this issue as well. The change to /login works.

We'll fork for now but would appreciate this being fixed.

mymattcarroll commented 6 years ago

I've been in contact with AWS Support all day. They have said that using /login instead is a workaround for now and that they are currently working on a fix. The issue is not with the SDK; AWS Support are saying the SDK's implementation of the /oauth2/authorize endpoint is correct. The issue is with how cookies are cleaned up (or, more specifically, not cleaned up) when navigating the /logout endpoint.

sfarfarini commented 6 years ago

Same issue here, exactly the same as happened above; it happened suddenly without any change in our code or our configurations. Version 1.1.9.

ankon commented 6 years ago

@yuntuowang thanks. With "rolled back" you mean something on the server-side?

I'm a bit concerned about this issue, as it essentially made our application inaccessible for our users for a long time, and I couldn't see anything on the usual AWS channels about it (http://status.aws.amazon.com specifically).

yuntuowang commented 6 years ago

Now the /oauth2/authorize hosted UI URLs work as expected.

timwhunt commented 6 years ago

@ankon in some cases like this we notify customers via the Personal Health Dashboard as that is more direct than the Service Health Dashboard.

ankon commented 6 years ago

@timwhunt A-ha! Found it there! Yet another place to add to the list of "what to check when customers are unhappy".