amplify-js icon indicating copy to clipboard operation
amplify-js copied to clipboard
verified publisher icon aws-amplify

Support completing an OAuth flow that is not initiated by Amplify (signInWithRedirect)

Open bbdev9805 opened this issue 1 year ago • 15 comments

Before opening, please confirm:

JavaScript Framework

Angular

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Amplify CLI

Environment information

# Put output below this line

  System:
    OS: macOS 14.1
    CPU: (12) arm64 Apple M3 Pro
    Memory: 66.95 MB / 18.00 GB
    Shell: 3.2.57 - /bin/bash
  Binaries:
    Node: 16.20.0 - /usr/local/bin/node
    npm: 8.19.4 - /usr/local/bin/npm
  Browsers:
    Chrome: 124.0.6367.119
    Safari: 17.1
  npmPackages:
    aws-amplify: ^6.0.28 => 6.0.28 
  npmGlobalPackages:
    @angular/cli: 16.2.0
    @aws-amplify/cli: 12.10.1
    corepack: 0.17.0
    npm: 8.19.4

Describe the bug

SSO via SAML works for SP-initiated but not for IdP-initiated SSO after upgrading to v6 from v5. I am redirected from the Idp to [https://www.example.com/?code=Authorization code] but cannot obtain the authentication token. When the getCurrentUser API is executed, a UserUnAuthenticatedException error occurs. IdP-initiated SSO also works in V5. This needs to be resolved immediately if IdP-initiated SSO is to be supported. https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation-idp-initiation.html

Expected behavior

As in V5, the token can be obtained correctly after redirecting from the Idp.

Reproduction steps

  1. Access Idp's portal page.
  2. Select the displayed application.
  3. Redirect to https://www.example.com?code=[Authorization code].
  4. UserUnAuthenticatedException error occurs by getCurrentUser() .

Code Snippet

// Put your code below this line.

// Execute `getCurrentUser()` after being redirected from Idp.
await Auth.getCurrentUser();

Log output

// Put your logs below this line

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

bbdev9805 avatar May 07 '24 09:05 bbdev9805

hello @bbdev9805 . Sorry for any inconvenience using the library. Amplify v6 supports OAuth flows initiated from the same App only. You would need to kick off the OAuth flow by calling the signInWithRedirect API

israx avatar May 07 '24 12:05 israx

@israx I have confirmed that it works with the signInWithRedirect API. However, when using IdP-initiated SSO, redirection occurs, making it impossible to use the signInWithRedirect API. What does it mean that IdP-initiated SSO, which was recently supported, cannot be used with Amplify v6? https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation-idp-initiation.html

bbdev9805 avatar May 08 '24 05:05 bbdev9805

supporting IdP logins would be a feature request. The Auth singleton in Amplify v5 has a listener that would capture any code query param returned from the social provider and finish the authentication process. Ideally we would need to have a dedicated API that allows to do the same.

israx avatar May 08 '24 15:05 israx

@israx have you got any further with the request to fix/begin supporting IdP logins again in v6? I am relying on this to upgrade from Amplify v5 -> v6.

Cheers.

Pylinho avatar Jun 19 '24 13:06 Pylinho

+1 for support please

chapati avatar Jun 27 '24 00:06 chapati

+1 as well. We are depending on this featured to be able to upgrade to version 6

hakonmuggerud avatar Jun 27 '24 08:06 hakonmuggerud

+1 Same

TimTimT avatar Jun 30 '24 06:06 TimTimT

+1 Cant update to v6 without this

Maxiweb avatar Jul 08 '24 14:07 Maxiweb

+1

OmarMuhtaseb avatar Jul 17 '24 12:07 OmarMuhtaseb

FYI, There was a duplicate issue, and it was suggested to downgrade to v5

https://github.com/aws-amplify/amplify-js/issues/12983#issuecomment-1934469713

OmarMuhtaseb avatar Jul 17 '24 12:07 OmarMuhtaseb

Hello everyone. I'll revisit this issue with the team to discuss its prioritization. Thank you for your patience.

israx avatar Jul 17 '24 13:07 israx

I deleted my comment because I think in retrospect it wasn't related to this specify issue - it seems I had in fact failed to configure my S3 bucket properly for SPA hosting - so apologies for that

jhw avatar Jul 19 '24 07:07 jhw

+1

pedrokiefer avatar Jul 29 '24 18:07 pedrokiefer

Hi @israx , Is there any news on this? I suppose the conclusion was that this is not a priority?

tllatruw avatar Sep 30 '24 07:09 tllatruw

@tllatruw and anyone following this feature request, just wanted to check in. While we don't have an ETA on when this will be supported, it's still being reviewed internally by our team. We will provide an update as soon as we can.

cwomack avatar Oct 07 '24 23:10 cwomack