support for IFRAMES

[flieks]

Hi,

I think we need to be able to embed the hosted UI in an IFRAME so we can integrate federated login inside our web app (domain).

Now without iframe there are 2 disadvantages:

• the user has to do 1 click more to login
• the user has to go outside our web app (menu disappears etc)

Now i get: Refused to display 'https://companyName.auth.eu-central-1.amazoncognito.com/login?client_id=1kefjqg8gf1k5slqpr1eovj9g&response_type=token&redirect_uri=https://ourdomain.com/sign_in?' in a frame because it set 'X-Frame-Options' to 'deny'.

What are the security implications for amazon if amazon allows this by modifying the X-Frame-Options?

Thanks Felix

[ed-zm]

+1

[rachitdhall]

X-Frame Options is used to prevent ClickJacking. We have heard the request to allow IFRAMES from other customers and will consider it in future updates to the service.

[flieks]

Thanks @rachitdhall for us full front-end integration is mandatory so we will probably switch to another auth service