
Make the broker 100% OIDC standard

Open · xavierraffin opened this issue 5 years ago • 1 comment

As mentioned in the documentation, there is one small exception to the standard that the broker makes:

/oauth2/userinfo: The OAuth2 standard stipulates that the UserInfo endpoint MUST accept Access Tokens as OAuth 2.0 Bearer Token Usage. The broker does not do that but instead expects the token to be provided inside an HTTP header named access_token. If this is a blocker for you, you can use the UserInfo endpoint that Amazon Cognito exposes directly.

This exception may be possible to fix by moving /oauth2/userinfo from a Lambda integration to a Lambda proxy integration, and therefore accessing the authentication headers within the Lambda.

In your PR, please add the change to the doc (and to this page, which links to the section above: https://github.com/awslabs/aws-amplify-identity-broker/blob/master/Documentation/ClientDeveloperDocumentation.md)

xavierraffin, Nov 20 '20
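What the fix proposed in the issue would look like once /oauth2/userinfo is behind a Lambda proxy integration (so `event.headers` carries the raw request headers): an added example written for this page, not code from the aws-amplify-identity-broker project. It reads the token from `Authorization: Bearer …` as RFC 6750 requires, keeps the broker's current `access_token` header as a fallback, rejects requests that use both methods, and answers failures with the `WWW-Authenticate: Bearer` challenge the RFC prescribes. `demoLookupClaims` is a constructed stand-in for token validation, and the header names in the sample events are constructed input; in a real deployment the Cognito-backed validation would take its place.

```javascript
// Added example (not the broker's own code): Lambda proxy-integration handler
// for /oauth2/userinfo accepting an RFC 6750 Bearer token, with a fallback to
// the legacy `access_token` header that the broker expects today.

// API Gateway does not normalize header-name case, so match case-insensitively.
function findHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [k, v] of Object.entries(headers || {})) {
    if (k.toLowerCase() === wanted) return v;
  }
  return undefined;
}

// RFC 6750 section 2.1: the scheme name is case-insensitive and the
// credential is a b64token (ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/", then "=" padding).
const BEARER_RE = /^\s*Bearer\s+([A-Za-z0-9\-._~+\/]+=*)\s*$/i;

// Returns { token, source } on success or { error, description } on failure.
// A request with no credentials at all yields { error: null } so the caller
// can send the bare challenge that RFC 6750 section 3.1 asks for.
function extractAccessToken(headers) {
  const auth = findHeader(headers, 'Authorization');
  const legacy = findHeader(headers, 'access_token');
  if (auth !== undefined && legacy !== undefined) {
    // RFC 6750 section 2: clients MUST NOT use more than one method per request.
    return { error: 'invalid_request', description: 'Multiple access tokens supplied' };
  }
  if (auth !== undefined) {
    const m = BEARER_RE.exec(auth);
    if (!m) return { error: 'invalid_request', description: 'Malformed Authorization header' };
    return { token: m[1], source: 'authorization' };
  }
  if (legacy) return { token: legacy, source: 'legacy_header' };
  return { error: null };
}

// RFC 6750 section 3: error responses carry a WWW-Authenticate: Bearer
// challenge; invalid_request maps to 400, invalid_token (and no token) to 401.
function errorResponse(error, description) {
  const params = ['realm="userinfo"'];
  if (error) params.push(`error="${error}"`);
  if (description) params.push(`error_description="${description}"`);
  return {
    statusCode: error === 'invalid_request' ? 400 : 401,
    headers: { 'WWW-Authenticate': `Bearer ${params.join(', ')}` },
    body: '',
  };
}

// lookupClaims(token) is expected to validate the token and return the claims,
// throwing on an invalid or expired token.
function buildUserinfoResponse(headers, lookupClaims) {
  const r = extractAccessToken(headers);
  if (!r.token) return errorResponse(r.error, r.description);
  let claims;
  try {
    claims = lookupClaims(r.token);
  } catch (e) {
    return errorResponse('invalid_token', 'The access token is invalid or expired');
  }
  return {
    statusCode: 200,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(claims),
  };
}

// Constructed stand-in for token validation: exactly one token is accepted.
function demoLookupClaims(token) {
  if (token !== 'eyJhbGciOi.demo.token') throw new Error('unknown token');
  return { sub: 'user-123', email: 'user@example.com' };
}

// Lambda proxy-integration entry point. With a non-proxy integration the
// handler would never see event.headers, which is the point of the change.
async function handler(event) {
  return buildUserinfoResponse(event.headers, demoLookupClaims);
}

// Constructed sample request, as API Gateway would deliver it.
const sampleEvent = { headers: { authorization: 'Bearer eyJhbGciOi.demo.token' } };
handler(sampleEvent).then((res) => console.log(res.statusCode, res.body));
```

Because the fallback stays in place, existing clients that send the `access_token` header keep working while standards-conforming clients can switch to the Bearer scheme; once the doc change lands, the fallback can be removed without touching the rest of the handler.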

The Authorization header is not forwarded by CloudFront; please check https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-authorization-header/

API Gateway does forward the Authorization header when authorization is not set to AWS_IAM.

clfsoft, Jun 15 '21