I'm using nextjs 12.1.6, nextauth ^4.5.0, cognito to create social sign ins. After successful sign in on the cognito Hosted UI, I get redirected to my nextjs app with this error in the url api/auth/signin?error=OAuthCallback. I'm not sure what the problem is. Here is the log I get:
here's the nextjs app:
My cognito callbacks:
My nextauth config :
Related
I am setting up a custom AWS Amplify auth application
Signing up, signing in was working fine until I enabled MFA on a user
So after sign in,
on "SOFTWARE_TOKEN_MFA"
I am redirecting to a modal for user to enter code from authenticator app
const loggedUser = await Auth.confirmSignIn(awsUser, userCode, challenge);
This function throws error of
Identity pool - does not have identity providers configured
I enabled TOTP in the AWS Console
I have created a sample custom app on AWS SSO and tried to authorize users with SAML.
The workflow is as follows:
User clicks custom app logo on SSO console and starts authentication flow. SAML IDP endpoint in this case is the endpoint which was created during custom application creation. Works ok.
AWS redirects to the defined ACS (Nest.js backend API server on localhost) with SAML Response. This also works ok. Response seems to be valid and includes all attributes etc.
Backend API validates the response and calls STS with AssumeRoleWithSAML command which sends the aforementioned SAML response to STS with role and principal ARNs. IDP endpoint is an accounts identity provider which has been created by AWS SSO. This does not work. It produces the following error:
An error occurred (InvalidIdentityToken) when calling the
AssumeRoleWithSAML operation: Invalid base64 SAMLResponse (Service:
AWSOpenIdDiscoveryService; Status Code: 400; Error Code:
AuthSamlInvalidSamlResponseException; Request ID:
55120f74-c9e8-4dac-b416-370b771339e5; Proxy: null)
So basically the problem is that AWS do not accept or is not able to process SAML response which was created by AWS.
What I do not understand here? Different issuer IDs or certificates causing the error?
Should I modify the SAML response before sending it back to AWS?
Edit: I made some changes to attribute mappings (see comments to this message) and it helped. However,now I get another type of error message:
InvalidIdentityToken: Issuer not present in specified provider
(Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code:
AuthSamlInvalidSamlResponseException;
I resolved this problem by creating a new identity provider on AWS IAM console and using the same custom application SSO meta data.
In my React Native App I am using API Keys with AWS AppSync and I want to move to using Cognito or IAM but with no user sign in.
My React Native app that just uses AWS Appsync to read to and write from DyanmoDB.
I initially set up the app to use API keys as it was easier to understand and I'm now attempting to transition to using AWS Cognito or IAM.
To do this in my AWS Console I changed the "Appsync->MyAppAPI->Settings->Default authorisation mode"/"API-level" from "API key" to "AWS Identity and Access Management (IAM)".
I then created an Identity Pool and allowed "Enable access to unauthenticated identities".
My aws-exports file is
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.
const awsmobile = {
"aws_appsync_graphqlEndpoint": "https://xxxxx.appsync-api.eu-west-x.amazonaws.com/graphql",
"aws_appsync_region": "eu-west-X",
"aws_appsync_authenticationType": "AWS_IAM",
"aws_appsync_apiKey": "xxx-xxxxxxxxxxxxxxxxxxxxxxxxxx",
};
export default awsmobile;
In my App.js file I have attempted to get the identityPoolId to be used and I have created this:
Amplify.configure({
url: config.aws_appsync_graphqlEndpoint,
region: config.aws_appsync_region,
auth: {
type: config.aws_appsync_authenticationType,
apiKey: config.aws_appsync_apiKey,
region: 'eu-west-x',
identityPoolId: 'eu-west-x:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
}
})
When I use the app to read from DynamoDB I get this error
[WARN] 04:51.835 API - ensure credentials error, No Cognito Federated Identity pool provided
I then went back to the Cognito Manage Identity Pool page and changed my identity pool to use Cognito as an authentication source and provided a User Pool ID and an App client id. But I still get the same error.
I am fundamentally missunderstanding something, could you offer any insight?
I configured a AWS Cognito user pool few months ago & connected it to node.js application, everything was perfect
Now, I want to connect laravel to AWS Cognito, I followed the instructions in this article
I get the following error
Error executing "AdminInitiateAuth" on "https://cognito-idp.eu-west-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.eu-west-1.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"UnrecognizedClientException","message":"The security token included in the request is invalid."}
UnrecognizedClientException (client): The security token included in the request is invalid. - {"__type":"UnrecognizedClientException","message":"The security token included in the request is invalid."}
I'm every sure the credentials is correct, but I get this error.
Is there any missing configuration in the article?
I've had the same 'problem' following the same article. I've fixed it by verifying my credentials in the .env
AWS_COGNITO_KEY=
AWS_COGNITO_SECRET=
These are the Access Keys of the IAM user
https://github.com/black-bits/laravel-cognito-auth#cognito-user-pool
I want to use api gateway in my client side app which was developed in react.js.I have hosted the standalone react.js app inside elastic beanstalk.I have used aws-sdk with STS service to get accesskey,secretKey etc.. from STS by using sts.assumeRole. But every time it is giving me
Uncaught (in promise) CredentialsError: Missing credentials in config
For STS service params I am using elasticbeanstalk service role
const params = {
RoleArn: 'arn:aws:iam::********:role/aws-elasticbeanstalk-
service-role',
RoleSessionName: 'AccountCredentials',
DurationSeconds: 3600,
};
const assumeRoleData = await sts.assumeRole(params).promise();
I am using create-react-app for react.js and I don't want to write any server side node.js code.Any way aws-sdk will work with Javascript so it should work alone with react.js .Please help