Closed fknittel closed 4 months ago
It would be great to have this implemented.
Answering your request of finding a way to get the same result without forking: I was experimenting with the parseAuthPath
field used in the Authenticator constructor object parameter and I managed to get a redirect_uri that includes it on the first unauthenticated call cognito-at-edge does to the cognito api /login
. The problem comes when you are calling cognito-at-edge again, (after successful login) with the generated code you got from the previous call, the redirect_uri doesn't have the parseAuthPath
parameter on the request made by lambda@edge to the cognito endpoint /oauth2/token
to actually validate that code.
@fknittel Hi Fabian, sorry for the lack of response from the team on this PR. Unfortunately, we have a lot of conflicting priorities which take precedence over maintaining and extending this package.
It turns out that we have a very similar need to yours, though, so I will be happy to review your CR and merge it ASAP.
I needed to maintain compatibility with the parseAuthPath
parameter which already existed, so I made a few changes. Thanks for your contribution! Expect a new release early next week.
Description of changes: We are using cognito-at-edge in an environment where not all paths are handled by our edge lambda. Specifically, the website root
/
is not handled by us.Example:
An access attempt to https://example.com/foo/ results in a redirect to https://domain.auth.us-east-1.amazoncognito.com/authorize?redirect_uri=https://example.com&response_type=code&client_id=63gcbm2jmskokurt5ku9fhejc6&state=/foo/
Notice that the
redirect_uri
points to a path that is not handled by us.This PR adds an option
redirectPath
to allow specifying a different value forredirect_uri
. Example:An access attempt to https://example.com/foo/ now results in a redirect to https://domain.auth.us-east-1.amazoncognito.com/authorize?redirect_uri=https://example.com/foo/oauth2/idresponse&response_type=code&client_id=63gcbm2jmskokurt5ku9fhejc6&state=/foo/
I hope the use-case makes sense to you and isn't too much of an edge case. (Otherwise I'd love to learn of a way to get the same result without modifying or effectively forking cognito-at-edge.) I'd be more than happy to tweak the naming, add more automated tests, etc.
The modified code appears to work well and is already used in production.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.