Open mishabruml opened 5 months ago
Actually, I've discovered that this is ineffective at passing down the responseTimeout configuration when used like
new Authenticator({
  region: 'foo',
  userPoolAppId: 'bar',
  userPoolDomain: 'fizz',
  userPoolId: 'buzz',
  jwtVerifierFetcherRequestOptions: {
    responseTimeout: 5000,
  },
});
I was still getting timeout logs in Lambda and the occasional one like this:
{
  "errorType": "Error",
  "errorMessage": "Failed to fetch https://cognito-idp.*****.amazonaws.com/*********/.well-known/jwks.json: Response time-out (after 1500 ms.)",
  "stack": [
    "Error: Failed to fetch https://cognito-idp.****.amazonaws.com/*******/.well-known/jwks.json: Response time-out (after 1500 ms.)",
    " at Timeout.<anonymous> (/var/task/index.js:1:4107)",
    " at listOnTimeout (node:internal/timers:573:17)",
    " at process.processTimers (node:internal/timers:514:7)"
  ]
}
Note the 1500ms timeout in the above log.
The only way I've managed to get it to work at the moment is hardcoding like this: https://github.com/mishabruml/cognito-at-edge/blob/43d671fdd06a7da0ae84b532dd69ca65a0115e5e/src/index.ts#L91-L99
Issue #86
Description of changes:
Allows customisation of the JWT fetcher. Mainly desired so that the 1500ms default responseTimeout can be increased to 5000ms, which has been the source of this issue #86. I have forked this repo and deployed the changes with a 5000ms timeout to my Lambda@Edge, and now the Cognito flow and redirection work as expected, whereas previously I was getting timeout errors, the source of which was verifying the JWT.
It's effectively just allowing this: https://github.com/awslabs/aws-jwt-verify#configuring-the-jwks-response-timeout-and-other-http-options-with-jsonfetcher
Some related issues that I found useful: https://github.com/awslabs/aws-jwt-verify/issues/133 and in particular https://github.com/awslabs/aws-jwt-verify/issues/72
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
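One way to confirm from logs whether a configured responseTimeout actually reached the JWKS fetcher, using the timeout value the error message itself reports (added example, not code from this PR or from cognito-at-edge). The function names and sample log lines are constructed; only the message format is taken from the error quoted in the thread.

```javascript
// Matches the fetch error format quoted in the thread and captures URL and timeout.
const TIMEOUT_RE = /Failed to fetch (\S+): Response time-out \(after (\d+) ms\.\)/;

// Accepts either a JSON log record with an errorMessage field or a plain text line.
function parseJwksTimeout(line) {
  let message = line;
  try {
    const parsed = JSON.parse(line);
    if (parsed && typeof parsed.errorMessage === "string") message = parsed.errorMessage;
  } catch (_) {
    // Not JSON: fall through and match against the raw line.
  }
  const m = TIMEOUT_RE.exec(message);
  return m ? { url: m[1], observedMs: Number(m[2]) } : null;
}

// Compares every observed timeout against the value that was configured.
// configApplied is null when no timeout errors were seen (nothing to conclude).
function auditTimeouts(lines, configuredMs) {
  const report = { total: 0, mismatched: 0, observedValues: [], configApplied: null };
  for (const line of lines) {
    const hit = parseJwksTimeout(line);
    if (!hit) continue;
    report.total += 1;
    if (hit.observedMs !== configuredMs) report.mismatched += 1;
    if (!report.observedValues.includes(hit.observedMs)) {
      report.observedValues.push(hit.observedMs);
    }
  }
  if (report.total > 0) report.configApplied = report.mismatched === 0;
  return report;
}

// Constructed sample lines (placeholder region and pool id).
const JWKS = "https://cognito-idp.example-region.amazonaws.com/example-pool/.well-known/jwks.json";
const sampleLines = [
  JSON.stringify({
    errorType: "Error",
    errorMessage: `Failed to fetch ${JWKS}: Response time-out (after 1500 ms.)`,
  }),
  "INFO request completed",
  `Error: Failed to fetch ${JWKS}: Response time-out (after 5000 ms.)`,
];

console.log(auditTimeouts(sampleLines, 5000));
```

A `mismatched` count above zero with 5000 configured means at least one fetch still ran with a different timeout, which is the symptom reported above.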