feat(@aws-amplify/auth): Easier Federation with OAuth #3005

Merged
merged 17 commits into from
Apr 8, 2019

undefobj (Contributor) commented Apr 4, 2019

Issue #, if available:
Fixes #2716

Description of changes:

  • OAuth flows for Cognito Hosted UI endpoints
  • Removed dependency on https://github.com/aws/amazon-cognito-auth-js
  • Automatic STATE and PKCE support
  • Better typings for Auth category
  • More unit tests for federatedSignIn
  • Comprehensive configuration checks for Federation scenarios
  • Preserved backwards compatibility with Identity Pools only federation
  • Updates React Native withOAuth HOC to use new API

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ghost ghost assigned undefobj Apr 4, 2019
@ghost ghost added the review label Apr 4, 2019
undefobj (Contributor, Author) commented Apr 4, 2019

@powerful23 please review very carefully, including the code changes to withOAuth HOC in aws-amplify-react

undefobj (Contributor, Author) commented Apr 4, 2019

To test:

  1. Create a new React app
  2. yarn add aws-amplify@beta aws-amplify-react@beta -E
  3. Have an aws-exports file that has:
      • Just a User Pool which has Hosted UI enabled via new Amplify CLI
      • User Pool with Hosted UI & Social Providers
      • An Identity Pool and User Pool with Hosted UI federated together
      • An Identity Pool only (legacy support, as per current documentation)
    Example aws-exports file:

    const awsmobile = {
      "aws_project_region": "us-east-1",
      "aws_cognito_identity_pool_id": "us-east-xxxxx",
      "aws_cognito_region": "us-east-1",
      "aws_user_pools_id": "us-east-xxxxxx",
      "aws_user_pools_web_client_id": "xxxxxxxx",
      Auth: {
        // Hosted UI (OAuth) settings
        oauth: {
          domain: 'xxxxxxxxx-east-1.amazoncognito.com',
          redirectSignIn: 'http://localhost:3000/',
          redirectSignOut: 'http://localhost:3000/',
          scope: ['phone', 'profile', 'openid'],
          responseType: 'code' // authorization code grant
        },
      }
    };

    export default awsmobile;

  4. Call federatedSignIn() in your app to start the login process and the flow will automatically be handled. You can also pass in a social provider to completely bypass the Hosted UI. For example a React app:

    import React, { Component } from 'react';
    import Amplify, { Auth } from 'aws-amplify';
    import awsmobile from './aws_exports';
    Amplify.configure(awsmobile);

    class App extends Component {
      render() {
        return (
          <div className="App">
            <button onClick={() => window.open('http://localhost:3000', '_self')}>Local Host</button>
            {/* Passing a provider goes straight to that provider */}
            <button onClick={() => Auth.federatedSignIn({provider: 'Facebook'})}>Open Facebook</button>
            <button onClick={() => Auth.federatedSignIn({provider: 'Google'})}>Open Google</button>
            {/* No argument opens the Hosted UI */}
            <button onClick={() => Auth.federatedSignIn()}>Open Hosted UI</button>
            <button onClick={() => Auth.signOut()}>Sign Out</button>
          </div>
        );
      }
    }

    export default App;

You should see JWT tokens and/or AWS credentials in local storage, depending on the combination of User Pools/Identity Pools you have in your config file. You can also use Auth.currentCredentials() or Auth.currentSession() after the redirect to validate you have the credentials.

ddennis commented Apr 4, 2019

Scope exists multiple times inside oauth, is that on purpose?

 oauth: {
       ....
      scope: ['aws.cognito.signin.user.admin'],
      scope : ['phone', 'profile', 'openid','aws.cognito.signin.user.admin'], 
      ......
    },

undefobj (Contributor, Author) commented Apr 4, 2019

Scope exists multiple times inside oauth, is that on purpose?

No just a typo. Fixed.

packages/auth/src/Auth.ts (outdated, resolved)
packages/auth/src/OAuth/OAuth.ts (outdated, resolved)
@ghost ghost assigned manueliglesias Apr 5, 2019
powerful23 (Contributor) left a comment

LGTM! 🚀

@undefobj undefobj merged commit 76cde59 into aws-amplify:master Apr 8, 2019
@ghost ghost removed the review label Apr 8, 2019
jessedoyle (Contributor) commented Apr 9, 2019

@undefobj @powerful23 - I think this change introduced a few bugs in withOAuth for aws-amplify-react-native.

I'm seeing the following warning in our app after upgrading aws-amplify-react-native from 2.1.9 to 2.1.10 (where I believe this change was implemented):

[Image: Screen Shot 2019-04-09 at 4 05 07 PM]

Furthermore, it's looking like this change broke our custom provider login using withOAuth for a code grant type in React Native.

  • In version 1.1.24 the flow works fine and we are able to authenticate with a custom provider.
  • After updating only aws-amplify-react-native to 1.1.25, the login always fails with the following error: NotAuthorizedException: Token is not from a supported provider of this identity pool.

I'd be happy to provide additional details if necessary!

powerful23 (Contributor) commented

@jessedoyle Hi, thanks for reporting! Can you open an issue in the repo and link it to this pr? We will track it there.

jessedoyle (Contributor) commented

@powerful23 - Will do, thanks!

rally25rs commented

If anyone familiar with how this PR works could look at https://github.com/aws-amplify/amplify-js/discussions/7971 and tell me what I'm doing wrong, I would greatly appreciate any help 🙏

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 20, 2022