Comments (4)
ottokruse
commented on July 19, 2024
Mmm.... that makes no sense to me. Is this when the nonce mismatch occurs?
Are you using federation with you Cognito user pool? If so, have a read of this #32 and #21 they explain why we added base64 encoding of state.
Was this an incidental error? How often does this happen?
from cloudfront-authorization-at-edge.
alexantom
commented on July 19, 2024
@ottokruse this happened only twice or so, couldn't reproduce the issue again. Let me take a look into the issue mentioned
from cloudfront-authorization-at-edge.
ottokruse
commented on July 19, 2024
Believe this was caused by the + / and = characters that can be present in base64 encoded strings.
We URI encoded these to be able to put them in the URL state query param, that should be returned to us by Cognito unaltered after sign-in. However, together with another user I was able to uncover that Cognito URL decodes the state query param on the way back. Our code did not expect that.
Implemented a work around in #47 that should prevent any unexpected URI component decoding.
Not 100% sure that this solves your issue, the state param you mention contains a space character, which I cannot explain - copy-paste typo?
Closing this issue for now. Please report back if this issue persists
from cloudfront-authorization-at-edge.
alexantom
commented on July 19, 2024
Thanks @ottokruse for the details, will take a look
from cloudfront-authorization-at-edge.
Related Issues (20)
- CloudFormation did not receive a response from your Custom Resource HOT 19
- Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”) HOT 2
- Refresh issue after token expires HOT 8
- On signout Required String parameter 'redirect_uri' is not present HOT 5
- Possible Open Redirect (CWE-601) in sample code HOT 2
- nonce cookies are not expired HOT 1
- [Feature request] Support multiple Cognito user pool clients HOT 4
- custom domain is not redirecting to cognito hosted ui HOT 1
- Getting blocked by CORS policy but unable to figure out the source HOT 5
- Node version bump HOT 7
- Custom IDP with Amplify and Auth at Edge HOT 9
- Fail on delete of the stack HOT 3
- Function must be in an Active state error on deploying the solution HOT 7
- Errors from Lambda when destroiyng the stack HOT 2
- Cognito TAGS HOT 1
- How Do I add User Pool attributes to Cookies? HOT 1
- A potential risk in cloudfront-authorization-at-edge which can be used to upload malicious code. HOT 4
- Having the ability to tune logs HOT 1
- Deployment to eu-west-2 fails with error: Encountered a permissions error performing a tagging operation HOT 4
- Missing User-Agent header in Post request to cognito HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cloudfront-authorization-at-edge.