awslabs / cognito-at-edge

Serverless authentication solution to protect your website or Amplify application
Apache License 2.0

Use 307 redirect when refreshing tokens in background to keep HTTP method #83

Open swantzter opened 5 months ago

swantzter commented 5 months ago

Issue # (if available): fixes #82

Description of changes:

When redirecting to Cognito, or when we handle a request that's been redirected from Cognito, we likely want to try GET on the target, since a) Cognito expects it or b) if we've taken a detour to Cognito the original method is lost anyway. However, when we've refreshed tokens in the background and use a redirect response to the same URL that was requested to set cookies, we want the original request to be retried with the same method it was originally made with. This way, background POST/PUT/etc. requests from web apps will not fail on the first try where tokens are refreshed.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
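
The behaviour described in the pull request above, as an added example that is not part of the PR or of cognito-at-edge's own code: a Lambda@Edge-style redirect builder that picks the status code by redirect reason, next to the method rewriting a Fetch-spec client applies when it follows the redirect. All function and type names, the 302 used for the Cognito cases, and the sample path and cookie are assumptions.

```typescript
// Added example, not cognito-at-edge code. All names are hypothetical.
type Header = { key: string; value: string };
type EdgeResponse = { status: string; headers: { [name: string]: Header[] } };

// Why the redirect is being issued.
type RedirectReason = 'to-cognito' | 'from-cognito' | 'tokens-refreshed';

// Only the background-refresh case redirects back to the URL that was
// requested, so only there must the original method (and body) survive.
// 302 for the other two cases is an assumption made for this example.
function redirectStatus(reason: RedirectReason): number {
  return reason === 'tokens-refreshed' ? 307 : 302;
}

// Build a Lambda@Edge-style redirect response that also sets cookies.
function buildRedirect(reason: RedirectReason, location: string, cookies: string[]): EdgeResponse {
  return {
    status: String(redirectStatus(reason)),
    headers: {
      location: [{ key: 'Location', value: location }],
      'cache-control': [{ key: 'Cache-Control', value: 'no-cache, no-store, max-age=0, must-revalidate' }],
      'set-cookie': cookies.map((c) => ({ key: 'Set-Cookie', value: c })),
    },
  };
}

// Method a Fetch-spec client uses when following a redirect:
// 301/302 turn POST into GET, 303 turns everything except GET/HEAD into GET,
// 307/308 keep the method and resend the body.
function methodAfterRedirect(status: number, method: string): string {
  const m = method.toUpperCase();
  if ((status === 301 || status === 302) && m === 'POST') return 'GET';
  if (status === 303 && m !== 'GET' && m !== 'HEAD') return 'GET';
  return m;
}

// Constructed sample: a background request to /api/orders (hypothetical path)
// arrives with expired tokens; returns the method the client retries with.
function replayedMethod(reason: RedirectReason, method: string): string {
  const res = buildRedirect(reason, '/api/orders', ['idToken=PLACEHOLDER; Secure; HttpOnly']);
  return methodAfterRedirect(Number(res.status), method);
}
```

Because a 307 makes the client resend the request body, the `Location` for the refresh case should stay the same URL that was requested, as the description states, so the body is never replayed to a different origin.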