This repository has been archived by the owner on Mar 3, 2022. It is now read-only.

Authentication Header not present in the token request #1107

Closed
LukvonStrom opened this issue May 15, 2020 · 2 comments


@LukvonStrom

Dear maintainers,
I'm running into errors when trying to get this library to work with AWS Cognito.
It seems like AWS is expecting an Authorization header to be present (https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html) when the token request is done, which it is not.

Token Request (copied from the Chrome network tab):

General:
    Request URL: https://auth-nativecloud-d.auth.eu-central-1.amazoncognito.com/oauth2/token
    Request Method: POST
    Status Code: 400 
Response Headers:
    access-control-allow-credentials: true
    access-control-allow-origin: http://localhost:3000
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    status: 400
    x-amz-cognito-request-id: [snip]
Request Headers:
    :authority: auth-nativecloud-d.auth.eu-central-1.amazoncognito.com
    :method: POST
    :path: /oauth2/token
    :scheme: https
    content-type: application/x-www-form-urlencoded
    referer: http://localhost:3000/callback?code=[snip]&state=[snip]
Form Data:
    client_id: [snip]
    code: [snip]
    redirect_uri: http://localhost:3000/callback
    code_verifier: [snip]
    grant_type: authorization_code

Configuration:

export const userManagerConfig = {
  authority: "https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_OCLp33801/.well-known/openid-configuration",
  client_id: "[snip]",
  secret: "[snip]",
  redirect_uri: "http://localhost:3000/callback",
  response_type: "code",
  scope: "openid",
};

It would be great if you could help us diagnose why the Authorization header is not present (if needed, I can supply you with the necessary credentials for the Cognito instance too).

Kind regards and thanks in advance,
Lukas

@frontendplace

frontendplace commented May 23, 2020

@brockallen Any idea when the pull request 1060 to #892 will be merged? This will resolve this too, I think?

@LukvonStrom
Author

LukvonStrom commented May 25, 2020

Fixed it by removing the secret both on Cognito's side (see aws-amplify/amplify-js#4426 - no auto generation allowed) and on the client side.

Apparently the identification via Authentication header was not needed after all, even though I second the merge of #1060 - a universal library should support such basic flows imho.
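The two client-authentication modes this thread turns on, as an added example that is not part of the original issue and is not oidc-client code: per the token-endpoint documentation linked above, an app client that was issued a secret authenticates with an HTTP Basic `Authorization` header, while a client without a secret sends only `client_id` in the form body and relies on PKCE. The function names, result strings and sample values are constructed for illustration.

```javascript
// Added example, not oidc-client code. All identifiers and values are constructed.
const b64 = (s) =>
  typeof btoa === "function" ? btoa(s) : Buffer.from(s, "utf8").toString("base64");

// Build the authorization_code token request for a confidential client
// (app client with a secret) or a public client (no secret, PKCE only).
function buildTokenRequest({ tokenEndpoint, clientId, clientSecret, code, redirectUri, codeVerifier }) {
  if (!clientSecret && !codeVerifier) {
    throw new Error("public client without code_verifier: PKCE is its only binding to the code");
  }
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  const form = new URLSearchParams({ grant_type: "authorization_code", code, redirect_uri: redirectUri });
  if (codeVerifier) form.set("code_verifier", codeVerifier);
  if (clientSecret) {
    // Secret issued: credentials travel in the header as HTTP Basic.
    headers.Authorization = "Basic " + b64(`${clientId}:${clientSecret}`);
  } else {
    // No secret: the client only identifies itself, in the form body.
    form.set("client_id", clientId);
  }
  return { url: tokenEndpoint, method: "POST", headers, body: form.toString() };
}

// Check a captured request (e.g. from the network tab) against how the app client is registered.
function checkClientAuth(request, appClientHasSecret) {
  const auth = request.headers.Authorization || request.headers.authorization || "";
  const hasBasic = /^Basic\s+\S+/.test(auth);
  const body = new URLSearchParams(request.body);
  if (appClientHasSecret && !hasBasic) return "missing-basic-auth";
  // A secret shipped in browser code is readable by anyone who loads the page.
  if (!appClientHasSecret && hasBasic) return "secret-sent-by-public-client";
  if (!appClientHasSecret && !body.has("client_id")) return "missing-client-id";
  if (!appClientHasSecret && !body.has("code_verifier")) return "missing-pkce";
  return "ok";
}

// Constructed sample values shaped like the request captured in the issue.
const sample = {
  tokenEndpoint: "https://example-domain.auth.eu-central-1.amazoncognito.com/oauth2/token",
  clientId: "example-client-id",
  code: "example-code",
  redirectUri: "http://localhost:3000/callback",
  codeVerifier: "example-verifier",
};
const publicRequest = buildTokenRequest(sample);
const confidentialRequest = buildTokenRequest({ ...sample, clientSecret: "example-secret" });
```

`checkClientAuth(publicRequest, true)` reproduces the mismatch reported here: a request with no `Authorization` header sent to an app client that has a secret.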
