Open tomasyaya opened 4 years ago
Hello.
I have created a proxy so I can call my refresh token from the front end, in case thats the environment from where amplify triggers the callback.
The proxy itself works fine, if I trigger the callback from the web its fetches the the data OK.
Nevertheless when added to the Auth.configure, at some point the credentials expire and there is no refresh being done.
Some corrections I did to my code are:
In the return obj I now return id_token and not access token, because as im using OIDC amplify need the id_token (either way I tested with access token and it does not work).
The key in the Auth.config is now the domain ("login.salesforce.com") and not developer
Auth.configure({ refreshHandlers: { login.salesforce.com: retreiveAccessToken.bind({}, inputObj.refreshToken) } })
I also tried returning a plain obj instead of a promise, because the callback is async and returns a promise either way but this didn't work either.
If you have some clarifications please send them in
Thank you
Another thing, I don't know if its related but:
After calling Auth.configure({ refreshHandlers: ... }) if I call Auth.currentAuthenticatedUser() the refreshCallbacks array is empty, does it has anything to do?
Maybe the Auth.config is not persisting?
I'm struggling with this, federated with auth0... empty refreshCallbacks.. react-native
const refreshToken = require('refreshser')
Amplify.configure({
Auth: {
auth0: {
domain: Config.AUTH0_DOMAIN,
clientID: Config.AUTH0_CLIENT_ID,
redirectUri: '/',
audience: `${Config.AUTH0_AUDIENCE}/userinfo`,
responseType: 'token id_token', // for now we only support implicit grant flow
scope: 'openid offline_access profile email', // the scope used by your app
returnTo: '/',
},
mandatorySignIn: false,
region: Config.AWS_REGION,
identityPoolRegion: Config.AWS_REGION,
identityPoolId: Config.AWS_COGNITO_ID_POOL,
userPoolId: Config.AWS_USER_POOL,
userPoolWebClientId: Config.AWS_USER_POOL_CLIENT,
refreshHandlers: {
[Config.AUTH0_DOMAIN]: refreshToken, // ****.auth0.com
developer: refreshToken, // testing
},
}
})
Has anyone been able to figure this out, especially the audience
part? @bneigher @tomasyaya
I have been able to integrate Cognito/OIDC/Auth0, but the ability to get a data payload that isn't an opaque token (empty data payload) has been a major struggle bus. It is referenced in this forum post: https://community.auth0.com/t/why-is-my-access-token-not-a-jwt-opaque-token/31028
Really curious if anyone has found a way to reconcile the access of AWS resources and Auth0 resources either as 1 combined jwt, or an AWS-authorized jwt, and then a client-side fetched Auth0 access_token?
Which Category is your question related to?
Authentication
Amplify CLI Version
4.12
What AWS Services are you utilizing?
Cognito GraphQl Api
Provide additional details e.g. code snippets
Hello.
Im currently doing Auth through openId with salesforce.
Im retrieving the access token, refresh token an profile info and getting AWS credentials through Federated Sign In.
At some point my credentials expire. Because Amplify does not automatically refresh access token for salesforce (I read it does for Amazon, Google and Facebook) Im required to present a callback that retrieves the new access token.
Amplify Example
And this is what Im doing:
This fails to refresh the access token, credentials expire and im not able to access my GraphQl api.
Some pointers:
The refresh token endpoint in Salesforce does not support CORS. For testing purpose I fetch the new access token through a Lambda function (and it works perfect). But I didn't use it in the Auth.configure because to access it you new a valid access token and that wont be the case when the lambda is going to be execute. The callback I hook into the Auth.configure does not work from web because of CORS. But I believe Amplify runs it in node environment so it shouldn't be a problem (i guess).
Please, if someone more experience would lend me a hand that would be great. Let me know is im not being clear with something. Thank you very much