amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0

how to set state parameter in the callback URL? #43

Closed goldenbearkin closed 6 years ago

goldenbearkin commented 6 years ago

I have a SPA and would like to pass back the route information so that the user can be redirected to the route they intended to access before undergoing authentication.

I found in the AWS documentation http://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html that I can pass the state value back to the client:

"state An opaque value the client adds to the initial request. The authorization server includes this value when redirecting back to the client.

This value must be used by the client to prevent CSRF attacks.

Optional but strongly recommended."

rachitdhall commented 6 years ago

When hitting the login or authorize endpoint, just include "STATE" as a query parameter. Post authentication, this value is returned to the redirect_uri.
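
Added example (not part of the original thread and not the SDK's own code): one way to use state as the documentation quoted above describes, by calling the hosted /oauth2/authorize endpoint directly with the code grant, binding the intended route to a random single-use state and checking it on the callback. The domain, client id, redirect URI and the helper names memoryStore, beginSignIn and finishSignIn are placeholders or hypothetical.

```javascript
// Added example: placeholder values and hypothetical helper names, not the SDK's API.
const rng = globalThis.crypto || require('crypto').webcrypto;
const COGNITO_DOMAIN = 'example.auth.ap-northeast-1.amazoncognito.com'; // placeholder
const CLIENT_ID = 'EXAMPLE_CLIENT_ID';                                   // placeholder
const REDIRECT_URI = 'https://app.example.com/cognitocallback';          // placeholder

// In a browser pass window.sessionStorage; this stand-in lets the code run under Node.
function memoryStore() {
  const m = new Map();
  return {
    getItem: k => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: k => { m.delete(k); },
  };
}

// Step 1: before redirecting, mint an unguessable state and store the route under it.
function beginSignIn(store, route) {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
  store.setItem('oauth_state:' + state, route);
  const url = new URL('https://' + COGNITO_DOMAIN + '/oauth2/authorize');
  url.search = new URLSearchParams({
    response_type: 'code', client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    scope: 'email openid profile', state,
  }).toString();
  return url.toString(); // assign to window.location in the browser
}

// Step 2: on the callback page, accept the response only if we issued its state.
function finishSignIn(store, callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const state = params.get('state');
  const key = 'oauth_state:' + state;
  const route = state ? store.getItem(key) : null;
  if (route === null) {
    throw new Error('state missing or unknown: discard this response');
  }
  store.removeItem(key); // single use: a replayed callback is rejected
  // Only same-origin paths are followed; anything else falls back to "/".
  const safeRoute = /^\/(?![\/\\])/.test(route) ? route : '/';
  return { code: params.get('code'), route: safeRoute };
}
```

The route is kept client-side and only the random value travels in state, so a forged callback cannot choose where the user lands.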

goldenbearkin commented 6 years ago

@rachitdhall Thank you for your quick response. Sorry, I still don't understand how to set it.

I tried the below, but it doesn't work.

{
  ClientId: '*************************',
  AppWebDomain: '***********.auth.ap-northeast-1.amazoncognito.com',
  TokenScopesArray: ['email openid profile'],
  RedirectUriSignIn: `https://${origin}/cognitocallback?STATE=1234`,
  RedirectUriSignOut: `https://${origin}`
}

And it seems auth.getSession() is the only API to sign in the user. Could you elaborate on where I can set the 'STATE'? Many thanks.

goldenbearkin commented 6 years ago

@rachitdhall It seems your solution is for those who manually hit the endpoint, not for this library. Please kindly reopen the issue. Thanks.

jonasao commented 6 years ago

@rachitdhall This issue still exists, reopen and fix!

yuntuowang commented 6 years ago

A similar issue was opened at #58. Closing this.

viganella commented 6 years ago

I have the exact same issue. Did you get something from this?

yuntuowang commented 6 years ago

Hi @viganella, can you check this issue: https://github.com/aws/amazon-cognito-auth-js/issues/58 ? We have released the new version fixing it.