I've used the cognito-at-edge package for my current project and I needed some clarity on a couple of things.
Firstly, I noticed that it was working as it should on with my browser on incognito. I'd be redirected from the Cloudfront distrbution link to the Cognito hosted UI I've set up; upon authentication I can view the S3 content via Cloudfront. When I'm not incognito however, it seems that once I authenticate and logout (using the logout endpoint), I can still access the content directly using the Cloudfront distribution link. I assumed that the logout functionality would clear the tokens, so the user would have to re-authenticate after logging out to view the content. Based on my understanding, the tokens on the browser are not getting cleared, which would explain why it's working correctly on incognito. How do I get around this?
Secondly, I started getting a 502 error upon authentication. This happened a day after I set everything up. Here's a screenshot of the error:
Since the cognito-at-edge package handles header manipulation internally, I'm not quite sure how to resolve this.
It's my first project using AWS services, there's definitely some gaps in my knowledge. I'd appreciate some insight on this!
I've used the cognito-at-edge package for my current project and I needed some clarity on a couple of things.
Firstly, I noticed that it was working as it should on with my browser on incognito. I'd be redirected from the Cloudfront distrbution link to the Cognito hosted UI I've set up; upon authentication I can view the S3 content via Cloudfront. When I'm not incognito however, it seems that once I authenticate and logout (using the logout endpoint), I can still access the content directly using the Cloudfront distribution link. I assumed that the logout functionality would clear the tokens, so the user would have to re-authenticate after logging out to view the content. Based on my understanding, the tokens on the browser are not getting cleared, which would explain why it's working correctly on incognito. How do I get around this?
Secondly, I started getting a 502 error upon authentication. This happened a day after I set everything up. Here's a screenshot of the error:
Since the cognito-at-edge package handles header manipulation internally, I'm not quite sure how to resolve this.
It's my first project using AWS services, there's definitely some gaps in my knowledge. I'd appreciate some insight on this!