jagregory / cognito-local

Local emulator for Amazon Cognito
MIT License
278 stars, 67 forks

openid-configuration endpoint does not exist #348

Closed (root0x closed 3 months ago)

root0x commented 1 year ago

For Spring Boot to decode a signed JWT it needs an issuer endpoint, which for Cognito is https://cognito-idp.${aws-region}.amazonaws.com/${cognito_pool_id} . An example of the response is:

{
  "authorization_endpoint": "",
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "issuer": "https://cognito-idp.${aws-region}.amazonaws.com/${cognito_pool_id}",
  "jwks_uri": "https://cognito-idp.${aws-region}.amazonaws.com/${cognito_pool_id}/.well-known/jwks.json",
  "response_types_supported": [
    "code",
    "token"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "phone",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": ""
}

Some of the information is not needed for Spring Boot to function. The only keys from that JSON object that are needed for Spring Boot to function are issuer and jwks_uri. I will submit a PR for this.

root0x commented 1 year ago

The submitted PR adds the endpoint, which returns a subset of the OpenID configuration endpoint, enough that Spring Boot works and can find the jwks.json endpoint. Please review.
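The discovery contract discussed in the two posts above, as an added example that is not part of the thread or of the cognito-local code base: it builds the `issuer`/`jwks_uri` subset and runs the checks a client applies before trusting keys from `jwks_uri`, including the exact issuer match that OpenID Connect Discovery requires. All function names, the local URL and the pool IDs are constructed for illustration.

```javascript
// Added example: hypothetical helpers, not code from cognito-local.

// Strip trailing slashes so path joins do not produce "//".
function trimSlash(url) {
  return url.replace(/\/+$/, "");
}

// URL a client fetches for discovery, derived from its configured issuer.
function discoveryUrl(issuer) {
  return trimSlash(issuer) + "/.well-known/openid-configuration";
}

// The subset the issue says is enough: issuer and jwks_uri.
function minimalDiscoveryDocument(issuer) {
  const base = trimSlash(issuer);
  return { issuer: base, jwks_uri: base + "/.well-known/jwks.json" };
}

// Client-side checks before trusting keys from jwks_uri.
// Returns a list of problems; an empty list means the document is usable.
function checkDiscoveryDocument(configuredIssuer, doc) {
  const problems = [];
  if (typeof doc.issuer !== "string") {
    problems.push("issuer missing");
  } else if (doc.issuer !== configuredIssuer) {
    // Exact string comparison, as OpenID Connect Discovery requires.
    problems.push("issuer mismatch");
  }
  if (typeof doc.jwks_uri !== "string") {
    problems.push("jwks_uri missing");
  } else {
    try {
      new URL(doc.jwks_uri); // throws on a relative or malformed URL
    } catch {
      problems.push("jwks_uri not an absolute URL");
    }
  }
  return problems;
}

// Constructed sample values (not taken from the issue).
const LOCAL_ISSUER = "http://localhost:9229/local_pool";
const AWS_STYLE_DOC = minimalDiscoveryDocument(
  "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
);

console.log(discoveryUrl(LOCAL_ISSUER));
console.log(checkDiscoveryDocument(LOCAL_ISSUER, minimalDiscoveryDocument(LOCAL_ISSUER)));
console.log(checkDiscoveryDocument(LOCAL_ISSUER, AWS_STYLE_DOC));
```

The last call reports an issuer mismatch: a document that still names the AWS-hosted issuer is rejected by a client configured with the emulator's URL, so an emulator has to emit its own base URL in both fields.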

funkrusher commented 1 year ago

The same endpoint would be needed for the Quarkus framework also, I think.

See:

Quote: quarkus.oidc.auth-server-url The base URL of the OpenID Connect (OIDC) server, for example, https://host:port/auth. OIDC discovery endpoint will be called by default by appending a '.well-known/openid-configuration' path to this URL.

So it seems that ".well-known/openid-configuration" should be available. Here is an example of a Cognito pool that provides this:

zistow commented 1 year ago

When can we expect these changes to be merged into the new version?

jagregory commented 1 year ago

I'll take a look.

lucianogalvaodesousa commented 1 year ago

I got the same problem :(. I would like to use your COGNITO for my team to work locally, but this BUG is breaking this intention. I would appreciate it if you could give a time expectancy. Thanks

root0x commented 10 months ago

@lucianogalvaodesousa you can use my fork https://github.com/root0x/cognito-local/tree/openid-configuration I have fixed that issue there

lippertto commented 4 months ago

Hi @jagregory, the endpoint is needed for next auth too. Can you have a look at the PR? If you have any remarks, I can help to work them in. Best, Tobias

ngoc-quoc-huynh commented 4 months ago

Any updates on this? Would be great if the PR gets merged.

martijnboers commented 3 months ago

Same, would be nice if someone presses merge

jagregory commented 3 months ago

I've merged the PR and published a new release: https://github.com/jagregory/cognito-local/releases/tag/v3.23.3

As you can all tell, my current work doesn't overlap much with Cognito so this tool isn't getting much attention. If anyone is interested in helping as a maintainer, let me know.