awslabs / cognito-at-edge

Serverless authentication solution to protect your website or Amplify application
Apache License 2.0

Incorrect Regex of idToken With Subdomains #43

Closed ckifer closed 1 year ago

ckifer commented 1 year ago

What happened:

Upon visiting beta.myurl.com cognito-at-edge uses the cookie from myurl.com as opposed to beta.myurl.com. They are both sent, but according to this Regex it should only parse the idToken from that of the initialized "_userPoolAppId". From my tests this doesn't seem to be the case.

This causes an infinite loop and eventual 503 on Viewer Request.

What did you expect to have happen:

The Regex correctly parses cookies even if there are multiple on the same domain of the form userPoolAppId}\..+?\.idToken=(.*?)(?:;|$)

How to reproduce this (as precisely and succinctly as possible):

Deploy cognito-at-edge to a Lambda@Edge function with a CloudFront distro served at a URL of the form beta.myurl.com. Deploy the same setup to myurl.com, making sure cookies are set from both.

Anything else you think we should know?

Environment:

Here is a contrived example with the structure that my cookies get set and sent to Lambda@edge with:


As you can see the regex is incorrect. The order of the cookies shouldn't matter.

Regex test https://regex101.com/r/GdVCo6/1

Working Regex (needs to be tested more): https://regex101.com/r/vQSdRa/1 Edit: this working regex breaks the case of a username with a . character
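To make the failure mode concrete, here is an added example (not cognito-at-edge's own code) that contrasts a regex extractor modelled on the pattern quoted in this issue with a parser that compares the whole cookie name; the app client ids, usernames and token values are constructed, and the cookie name shape CognitoIdentityServiceProvider.<appClientId>.<username>.idToken is assumed from the issue.

```javascript
// Added example, not cognito-at-edge's code. Cookie names are assumed to
// follow CognitoIdentityServiceProvider.<appClientId>.<username>.idToken;
// app client ids, usernames and token values below are constructed.
const PREFIX = 'CognitoIdentityServiceProvider';

// Loose extractor modelled on the pattern quoted in the issue:
// `<appId>\..+?\.idToken=(.*?)(?:;|$)`. The lazy `.+?` still matches '; '
// and other cookie names, so it can run from one cookie into the next.
function idTokenByRegex(cookieHeader, appId) {
  const re = new RegExp(`${appId}\\..+?\\.idToken=(.*?)(?:;|$)`);
  const m = cookieHeader.match(re);
  return m ? m[1] : null;
}

// Strict extractor: split the header into name/value pairs first, then
// match the complete cookie name. Only the fixed prefix, the app id and
// the `.idToken` suffix are compared, so usernames containing '.' work.
function idTokenByName(cookieHeader, appId) {
  const head = `${PREFIX}.${appId}.`;
  for (const part of cookieHeader.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name.startsWith(head) && name.endsWith('.idToken')) return value;
  }
  return null;
}

// Constructed Cookie header for beta.myurl.com: the beta app's accessToken
// comes first, the production app's idToken next, the beta idToken last.
const BETA = 'betaclient1';
const PROD = 'prodclient2';
const COOKIE_HEADER = [
  `${PREFIX}.${BETA}.jane.doe.accessToken=ACCESS_BETA`,
  `${PREFIX}.${PROD}.jane.doe.idToken=ID_PROD`,
  `${PREFIX}.${BETA}.jane.doe.idToken=ID_BETA`,
].join('; ');

console.log(idTokenByRegex(COOKIE_HEADER, BETA)); // ID_PROD (wrong cookie)
console.log(idTokenByName(COOKIE_HEADER, BETA));  // ID_BETA
```

Cookie order decides which token the regex version returns, which is why the symptom only shows up once both hosts have set cookies on the shared domain.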

ckifer commented 1 year ago

fixed in latest release #49 - closing