[BUG]Login button doesn't work with Route53 A record pointing to cloudfront distribution

aws-samples / bedrock-claude-chat

AWS-native chatbot using Bedrock + Claude (+Nova and Mistral)

MIT No Attribution

931 stars 333 forks source link

[BUG]Login button doesn't work with Route53 A record pointing to cloudfront distribution #493

Closed apheera closed 1 month ago

apheera commented 3 months ago

Describe the bug

With actual front end URL everything works but with URL which I registered in route53, it launches the page, and when I click on login button nothing happens.

Cognito is integrated with Azure AD and works well with default frontend URL but not with "route53 simplied record"

registered cloudfront frontend URL in route53
ensure there alternate domain name updated in Cloudfront distribution pointing to domain name

To Reproduce

Browse the DNS via browser example https://friendlyname.com, it brings the login button but when I click on it, nothing happens

Screenshots

Yukinobu-Mine commented 3 months ago

@apheera How did you register your CloudFront distribution with Route53? (Manually register in the AWS console, or change the CDK code?)

apheera commented 3 months ago

@Yukinobu-Mine Yes I created a A record with Alias pointing to cloud front. Also added Alternate domain name (CNAME) - optional pointing to URL I want to resolve but none is working. Please note that I have integrated cognito with Azure AD, and authentication and authorisation works fine when it comes to default URL provided by CDK BUT when I register Cloud front to Route53 to a simplified name, that launches but LOGIN button doesn't work

and when I inspect the browser I get error below

index-5e8eddf3.js:165 Uncaught (in promise) InvalidOriginException: redirect is coming from a different origin. The oauth flow needs to be initiated from the same origin at https:///assets/index-5e8eddf3.js:165:42368

Yukinobu-Mine commented 3 months ago

@apheera Could you please provide the following information?

Is Allowed callback URLs setting of your Cognito user pool set to your custom domain? (in AWS console, Cognito -> User pools -> AuthUserPoolXXXX -> App integration tab -> App client list -> AuthUserPoolClientXXXX -> Hosted UI)
identityProviders setting in your cdk.json. (not including secretName)

apheera commented 2 months ago

yes allowed callback is already set to custom domain with the default one which was created by codebase
Identity provider settings below "identityProviders": [ { "service": "oidc", "serviceName": "AWS-Bedrock-OpenID", "secretName": "bedrock" } ],

Yukinobu-Mine commented 2 months ago

@apheera Thank you. You need to reflect custom domain settings to the front-end environment variables (in cdk/lib/constructs/frontend.ts) such as:

VITE_APP_REDIRECT_SIGNIN_URL: 'https://your-custom-domain',
VITE_APP_REDIRECT_SIGNOUT_URL: 'https://your-custom-domain',

github-actions[bot] commented 1 month ago

This issue has been labeled as "stale" due to no response by the reporter within 1 month (and 14 days after last commented by someone). And it will be closed automatically 14 days later if not responded.

github-actions[bot] commented 1 month ago

This issue has been closed due to no response within 14 days after labeled as "stale", 14 days after last reopened, and 14 days after last commented.