Open ford-at-home opened 8 months ago
Hi @ford-at-home, you are the first user of this project besides me ;) I am happy you find it useful! Can you please send me screenshots of the Cognito users? Then I can compare them with my setup.
You wrote that you had some problems with the initial setup. Can you tell me details, so that I can improve the documentation?
Great to hear it! Your hard work to organize and document this the "correct" way made it possible for someone like me to come along, benefit from it, and contribute back!
Yes, I'll send a screenshot of my users when I get back to my home laptop.
Also, I'll raise a PR with updated steps and my CDK code. We don't necessarily need to add it, but at least we can discuss it in the PR and close if it doesn't make things easier for future onboarding :)
I love this project and it appears at the top of my Google search for "github s3 media player", so I'm happy to contribute in whatever way I can.
@kaklakariada does this help?
aws cognito-idp list-users --user-pool-id us-east-1_yBpc5Vlen
{
"Users": [
{
"Username": "admin",
"Attributes": [
{
"Name": "sub",
"Value": "00e57a98-ce15-4243-b528-f57090e468f7"
}
],
"UserCreateDate": "2024-04-01T22:12:58.356000-04:00",
"UserLastModifiedDate": "2024-04-02T09:34:37.334000-04:00",
"Enabled": true,
"UserStatus": "CONFIRMED"
},
{
"Username": "test",
"Attributes": [
{
"Name": "sub",
"Value": "9edceb85-ed1d-4c8e-84e5-88992eef7643"
}
],
"UserCreateDate": "2024-04-02T09:34:27.927000-04:00",
"UserLastModifiedDate": "2024-04-02T09:34:27.927000-04:00",
"Enabled": true,
"UserStatus": "FORCE_CHANGE_PASSWORD"
}
]
}
The only difference from my configuration is that my user has a verified email address. I am not sure if this is required, but you could try adding an email address.
{
"Username": "user",
"Attributes": [
{
"Name": "sub",
"Value": "<id>"
},
{
"Name": "email_verified",
"Value": "true"
},
{
"Name": "email",
"Value": "<email>"
}
],
"UserCreateDate": "...",
"UserLastModifiedDate": "...",
"Enabled": true,
"UserStatus": "CONFIRMED"
}
You could try to configure a different value for ambiguousRoleResolution in auth.ts to work around the "Ambiguous Cognito role mapping". But I recommend you find the root cause of the problem.
According to the documentation this can happen in two cases:
Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.
I updated the infrastructure code and added new properties. Maybe this also solves your problem.
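The two cases in the documentation sentence quoted above can be checked against the claims of a user's ID token. The following is an added example, not part of the thread or of the project's code: a simplified model of the documented resolution, with hypothetical function names and constructed role ARNs and tokens. It assumes a token without any role claims is also treated as ambiguous and that a claim missing from the token matches no rule.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def resolve_token_type(claims):
    """Mapping type Token: role from the ID token claims, None if ambiguous."""
    preferred = claims.get("cognito:preferred_role")
    if preferred:
        return preferred
    roles = claims.get("cognito:roles", [])
    # Several roles without a preferred role is the documented ambiguous case.
    # Assumption: a token with no roles at all is reported as ambiguous too.
    return roles[0] if len(roles) == 1 else None

MATCHERS = {
    "Equals": lambda value, want: value == want,
    "NotEqual": lambda value, want: value != want,
    "Contains": lambda value, want: want in value,
    "StartsWith": lambda value, want: value.startswith(want),
}

def resolve_rules_type(claims, rules):
    """Mapping type Rules: first matching rule wins, None if no rule matches."""
    for rule in rules:
        value = claims.get(rule["Claim"])
        # Assumption: a claim missing from the token matches no rule.
        if value is not None and MATCHERS[rule["MatchType"]](str(value), rule["Value"]):
            return rule["RoleARN"]
    return None

def effective_role(resolved, ambiguous_role_resolution, authenticated_role):
    """Apply ambiguousRoleResolution ("AuthenticatedRole" or "Deny")."""
    if resolved is not None:
        return resolved
    return authenticated_role if ambiguous_role_resolution == "AuthenticatedRole" else "DENIED"

def sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return "e30." + body + ".constructed-signature"

if __name__ == "__main__":
    ADMIN = "arn:aws:iam::111122223333:role/example-admin"  # constructed ARNs
    USER = "arn:aws:iam::111122223333:role/example-user"
    claims = jwt_claims(sample_token({"cognito:roles": [ADMIN, USER]}))
    print(effective_role(resolve_token_type(claims), "Deny", USER))
    print(effective_role(resolve_token_type(claims), "AuthenticatedRole", USER))
```

Running the same functions on the claims of a real ID token shows whether the user's group and role claims, rather than the ambiguousRoleResolution setting, are the root cause.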
Hi! Thanks for making this repo available with excellent documentation and, even better, (mostly) working code! It was a delight running through all the steps without a single error.
I'm an engineer at AWS so it's always fun checking out projects that use our services. In this context, I'm helping a non-profit create a digital repository for audio for rare and endangered indigenous chants.
Steps to reproduce
I ran through the steps on macOS Sonoma (Warm terminal) and the AWS CDK 2.134.0 on my personal AWS account.
This consisted of:
In both logins, I encounter 2 errors.
Error 1 - Modal w/ optional dismissal
This appears and I am able to click the X to dismiss it:
Perhaps this is not an important issue.
Error 2 - NotAuthorizedException - Ambiguous Cognito role mapping
The next appears here:
It appears to be linked to the following 400 HTTP request:
I will admit, I'm a little hazy on how Cognito works with React and will be debugging this myself later, but in case it's a bug I wanted to raise it up!
If there's any info you need to debug this further, LMK and I'll add it!