Closed irfanbabar15 closed 2 years ago
Encountering the same issue as we attempt to integrate Azure AD federated sign in. Their support acknowledged that the state parameter size limitation is something they're working on fixing but they were unable to give us a timeline as to when a fix would be available.
They did suggest a workaround:
This issue is encountered generally when partners use a very large "state" param in the request. The recommendation is to:
- Instead of saving the entire state value directly in the query string, save it to a cookie.
- Then use the state query param to store a GUID or identifier to indicate which state context to load from the cookie when the request is returned to your service.
However, since we otherwise rely on Amplify's implementation of the federated sign-in flow, it seems like it would be a pain to have to create our own implementation for this one sign-in option.
From my searching it seems like this has been an issue separate from the Amplify libraries for some time. As @AbeGellis mentioned, this probably needs to be addressed by Azure but I will ask the team to take a look and see if there's anything we can do on our end.
@chrisbonifacio @AbeGellis thank you for the reply. I have created a ticket in the Microsoft community as well; they told me that the customer (in our case AWS Cognito) sends the state parameter. So I checked Auth (aws-amplify) and found we are sending a state token. So I looked into the plugin codebase and found that we are sending a state of a maximum of 32 characters in the sign-in URL, which is "https://domain/oauth2/authorize"; I have printed it in the console.
Now I'm confused: is it an AWS Cognito issue or an Azure one?
I asked the team for feedback on this and it seems this might have to be addressed by the Cognito team because the state is being set by Cognito and not the Amplify JS library if you are federating in a Cognito User Pool, which it seems you are from the way you're calling Auth.federatedSignIn.
I did find this official aws blog post on setting it up which does lead up to adding to an Amplify project: https://aws.amazon.com/blogs/security/how-to-set-up-amazon-cognito-for-federated-authentication-using-azure-ad/
If the steps there don't work then we will have to open an issue with the Cognito team for a more thorough investigation.
In the meantime, I'm going to try following the blog to set up a project and see if I can reproduce this behavior.
@chrisbonifacio, thank you. I will also try the above steps from the link; whether it works or not, I will let you know.
@chrisbonifacio I had tried that link before, same issue. I think I have noticed that this issue appears only for personal email addresses like @outlook.com, gmail.com etc. But if I use a business email address which I have created from the Azure portal using a domain, I don't get any issue, with or without Azure portal login.
JavaScript Framework: Angular
Amplify APIs: Authentication, GraphQL API
Amplify Categories: auth
Describe the bug
I have configured AWS Cognito with Azure Active Directory (SSO) using OpenID. When I log in to the Azure portal with a user (@outlook.com/@gmail.com) and then try to log in to my application, it successfully logs my user into my app. But if I log out from the Azure portal and try to log in to my app using SSO, it shows me the email address field, so I fill in the email address. After that, instead of showing me the password field, it shows me a 404 error: login.live not found.
First I went to the Microsoft community; after discussion, they told me I'm sending a state parameter which is very large and exceeds the GET request limit (2048). That's why I'm getting the not found issue. I verified it and indeed we are exceeding it, and found that aws-amplify passes the state parameter when using the Auth.federatedSignIn method.
So I tried to send a customState, a small one, i.e. '123', but it still shows a very large state.
Is there any way to reduce the size of the state encoding? I have been stuck for 4 days now. Need help.
Expected behavior
The user should be able to log in to my app without first logging in to the Azure portal manually.
Reproduction steps
Create an Amplify project and set up Azure with OpenID Cognito. You can follow this link; there are a lot of articles, you can pick any.
https://www.terminalbytes.com/azure-ad-integration-as-an-idp-with-aws-cognito/