search

senzing-garage / entity-search-web-app

A lightweight http server providing a web UI for entity search through the senzing api server.
Apache License 2.0
2 stars 2 forks source link

How can I configure localhost to call HTTPS api-server with AWS Cognito ? #167

Closed taenaive closed 2 years ago

taenaive commented 3 years ago

Describe the bug Cognito How to To Reproduce Steps to reproduce the behavior:

  1. Go to '/proxy.conf.json'

  2. Change the Json to ': "/api/*": { "target": "https://senzing-....-amazonaws.com/api/", "secure": true, "logLevel": "debug", "pathRewrite": { "^/api": "" } },'

  3. npm start

  4. See an error

Expected behavior

should prompt the AWS Cognito login and the API server call should work.

Screenshots

[HPM] Rewriting path from "/api/attribute-types" to "/attribute-types" [1] [HPM] GET /api/attribute-types ~> https://senzing-....amazonaws.com/api/ [1] [HPM] Error occurred while trying to proxy request /attribute-types from localhost:4200 to https://senzing-....amazonaws.com/api/ (UNABLE_TO_VERIFY_LEAF_SIGNATURE) (https://nodejs.org/api/errors.html#errors_common_system_errors)

Desktop (please complete the following information):

Additional context I would like to know how to configure my locally running HTTP entity-search-web-app to connect to HTTPS api-server. Also, get an authentication log-in screen of Cognito.

docktermj commented 3 years ago

Hi @taenaive!

The only work we've done with AWS Cognito is in the cloudformation.yaml at https://github.com/Senzing/aws-cloudformation-ecs-poc-simple.

We aren't experts in integrating with various platforms (Kubernetes, Openshift, Swarm, AWS) with various products (Npm, Django, jetty, etc). However, to try to help you out, 2 things:

  1. @arawinters Can you provide any help with this request?
  2. Email support@senzing.com for your support request (We work on features and bugs in GitHub issues, but have a different ticketing system for support)

-- Michael Dockter

arawinters commented 3 years ago

@taenaive currently there is no support in the webapp to screen api calls for 401/403 responses and redirect on event. The feature will have to be added to the codebase. Typically we have the webapp connect to the api server over a private subnet/addr instead of hitting a publicly accessible path. I think it's a reasonable request to add 401/403 header intercepts/redirects functionality though. I'm gonna surface your request at our standup and see about adding it. (alternatively you could clone/fork the webapp and add global http intercepts yourself)

For connecting to an HTTPS api server, I think you've got the right idea but I'll need to spin up the same configuration to test against to see what's going on there. I'm thinking there's some cookie/session/header type thing going on(guessing from the UNABLE_TO_VERIFY_LEAF_SIGNATURE part). you might try setting secure: false on that redirect(that flag tells webpack dev srvr to validate ssl certs) just to see.

jamietypovsky commented 2 years ago

We are going to add a cloud formation that stands up the API server with the SSL Client authentication using SSL Certs.