Comments (6)
I'm going to close this because it doesn't seem related to this repository. Please feel free to reopen if this changes or you have anything to add.
from github-cognito-openid-wrapper.
More questions about what the app client settings need to be for each of these:
- Generate client secret
- Enable sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH)
- Only allow Custom Authentication (CUSTOM_AUTH_FLOW_ONLY)
- Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH)
from github-cognito-openid-wrapper.
After creating a new app client and telling it not to generate a client secret, I'm no longer getting the previous error, just "Invalid username or password". My github login requires MFA, so I'm wondering if that may also be affecting the result.
from github-cognito-openid-wrapper.
What settings do I need to activate on my cognito app client? Do I need to set Callback URL(s), Sign out URL(s)? Do I need to check any allowed OAuth flows? How about OAuth scopes?
The required cognito setup should be described here and here. (I mention this because if it's not, I should update the documentation).
I think the only App Client setting you need is to ensure that your github identity provider is enabled in the AWS console - under Enabled Identity Providers on the App Client Settings screen (under App Integration).
Generally, your app client settings shouldn't matter for this shim though, since your cognito app client doesn't talk to the shim. The following diagram might help:
Your App Client <--> Cognito <---> github-cognito-openid-wrapper <---> GitHub
Remember that from GitHub's perspective, github-cognito-openid-wrapper is an OpenID App Client.
For the first error, were you correctly setting the client secret? This is GITHUB_CLIENT_SECRET in your created copy of config.sh. This is the secret for your github OpenID App you created in Step 1, not your Cognito App Client (see the diagram above - the shim doesn't need any settings from the App Client).
Does this handle 2FA?
It depends what you mean. Cognito can do 2FA for you - that's beyond the scope of this shim, though. It should also handle github accounts with 2FA enabled - my GitHub account has 2FA enabled and it works fine.
In the early development, I did have some problems authorising the github app when github wanted to do the 2FA challenge first (the 2FA challenge would appear, and then I'd get a 500 error when I put in the code). I think this was a GitHub bug which has since been solved (because I haven't experienced it again). I worked around it by logging in to github in a different tab first.
Are there any additional logs where I could find more detail about failed login attempts to try to troubleshoot further?
Unfortunately, Cognito doesn't have any logs for debugging.
If you suspect the shim is the problem, you can run it locally with the node instructions and watch the traffic (let me know if you want help with this).
If you suspect your app client is the problem, you could enable another identity provider (eg Google) and test logging in with that.
Where exactly is "Invalid username or password" coming from? Cognito or GitHub? At what point in the process does this error appear? Do you get redirected to the github login page correctly?
from github-cognito-openid-wrapper.
You asked about these specific settings:
- Generate client secret
- Enable sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH)
- Only allow Custom Authentication (CUSTOM_AUTH_FLOW_ONLY)
- Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH)
I don't think these settings are relevant to this shim (because they're about your app client, not the shim) - but since it's easy for me to tell you mine:
I have a client secret generated, and the others are not checked.
If your cognito app client settings are the problem, I suspect the problem is to do with your app, and not this shim.
from github-cognito-openid-wrapper.
Thanks for the detailed response! I did put the client id and secret into my config.sh file as directed. The error message I'm getting is being displayed on the boilerplate login page that I'm using as part of the AWS Amplify framework. I'm not getting redirected to the github login page.
from github-cognito-openid-wrapper.