Closed yashsharma04 closed 2 months ago
Hi mate.
Couple of questions:
Any update mate?
Sorry, missed this - So I checked it and our codebase took complete reference from this package about 2 years ago and is not directly using this. So apologies, we can close the ticket. But do lmk if you have seen the above issue before and what the possible fixes could be. One more weird thing was that it's happening on Chrome but not Firefox.
Haven't seen the issue from the top of my head, although we have made many fixes and improvements over the years so I suggest you rebase.
Will close this issue. Feel free to reach out once you're back on latest version
Hi @ottokruse
https://github.com/aws-samples/cloudfront-authorization-at-edge/blob/2d1143c9413c339b690d544895920aa264a39ccc/src/lambda-edge/parse-auth/index.ts#L231
This is the error what we see
throw new common.RequiresConfirmationError( "Nonce mismatch. This can happen if you start multiple authentication attempts in parallel (e.g. in separate tabs)" );
And as it's mentioned here, I am able to reproduce this with multiple tabs. Our users are possibly keeping the website open in multiple tabs and every morning log in with any of those tabs, which is causing this issue to occur even more.
Not sure what the best way forward is.
The nonce matching is a security feature--but it seems overly tight for these cases.
The auth@edge UI does offer an easy button that the user can click, no? If they do, they'll be signed in without issue? But that page still scares off users?
Yeah, they are greeted with that error so it always looks like something has gone wrong with the login. And surprisingly they keep multiple tabs very often.
Guess the answer is the error page should not be an error but simply say eg "Hi! Are you trying to sign in with us?"
Then it doesn't look like an error but simply just a double check of the users intent. Which is what we are after in this case
Yeah for now we enabled auto redirect to landing page which fixes the token. Might as well add a better page which comes up intermediate. Thanks though!
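To make the failure mode discussed above concrete, here is an added example (not the project's code, and not posted by anyone in this thread) that models the nonce round trip: each tab that starts a sign-in writes its nonce into a cookie that all tabs share, so the second tab's start overwrites the first tab's nonce and the first callback no longer matches. The cookie name `spa-auth-edge-nonce`, the `state` value being just the nonce (the real project's state is structured), and the "confirm intent" message taken from the suggestion above are assumptions for the example.

```typescript
// Added example (not the project's code): a minimal model of the
// nonce round trip behind the "Nonce mismatch" error, showing why two
// tabs that each start a sign-in break it, and how the mismatch can be
// surfaced as a confirmation step rather than a hard error.
import { randomBytes } from "crypto";

// One cookie jar per browser profile: every tab reads and writes the same cookies.
type CookieJar = Map<string, string>;

// Assumed cookie name; the real project's name may differ.
const NONCE_COOKIE = "spa-auth-edge-nonce";

function generateNonce(): string {
  return randomBytes(16).toString("hex");
}

// Constant-time string comparison so the check does not leak how many
// leading characters matched.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// A tab starts sign-in: the nonce is written to the shared cookie and
// carried to the IdP in `state`, to be echoed back on the callback.
// Returns the state the IdP will send back (modelled here as just the nonce).
function startSignIn(jar: CookieJar): string {
  const nonce = generateNonce();
  jar.set(NONCE_COOKIE, nonce); // overwrites whatever another tab stored
  return nonce;
}

type ParseAuthResult =
  | { kind: "signed-in" }
  | { kind: "confirm-intent"; message: string };

// Callback handling: the nonce echoed back by the IdP must match the one
// in the cookie, proving the callback belongs to a sign-in this browser started.
function parseAuth(jar: CookieJar, returnedState: string): ParseAuthResult {
  const stored = jar.get(NONCE_COOKIE);
  if (stored === undefined || !constantTimeEqual(stored, returnedState)) {
    // Ask the user to confirm their intent instead of rendering an error page.
    return {
      kind: "confirm-intent",
      message: "Hi! Are you trying to sign in with us?",
    };
  }
  jar.delete(NONCE_COOKIE); // the nonce is single use
  return { kind: "signed-in" };
}

// Single tab: start, callback, done.
function singleTabScenario(): ParseAuthResult["kind"] {
  const jar: CookieJar = new Map();
  const state = startSignIn(jar);
  return parseAuth(jar, state).kind;
}

// Two tabs start sign-in before either callback returns. The second
// start overwrites the cookie, so the first tab's callback no longer
// matches, while the second tab's callback still succeeds.
function twoTabScenario(): {
  firstTab: ParseAuthResult["kind"];
  secondTab: ParseAuthResult["kind"];
} {
  const jar: CookieJar = new Map();
  const firstState = startSignIn(jar);
  const secondState = startSignIn(jar);
  const firstTab = parseAuth(jar, firstState).kind; // "confirm-intent"
  const secondTab = parseAuth(jar, secondState).kind; // "signed-in"
  return { firstTab, secondTab };
}

console.log(singleTabScenario(), twoTabScenario());
```

The check itself is doing its job: a callback whose nonce does not match the browser's cookie cannot be tied to a sign-in that this browser started, so it must not be completed silently. What the thread is after is only the presentation, so the mismatch branch returns a prompt for the user to confirm rather than an error.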
Seeing a bit of an issue on my Chrome browser when I sign in, sign out (which calls /signout) and then sign in again. Checked the logs and it gives a Nonce mismatch error in the parse-auth lambda.
Surprisingly, it doesn't happen on Firefox.