Incorrect redirection on session expiration with Cognito/Google
stripethree opened this issue · 3 comments
When a session expires, `ra-auth-cognito` does not appear to correctly redirect a user to the Cognito hosted UI.
In this state, this is what appears to happen, in chronological order:

- `getPermissions` is called in the `authProvider`
  - the call to `userPool.getCurrentUser()` returns a valid user
  - the call to `user.getSession` returns an error: Cannot retrieve a new session. Please authenticate.
  - `getPermissions` returns `Promise.reject` with the error
- `checkAuth` is called in the `authProvider`
  - the call to `userPool.getCurrentUser()` returns a valid user
  - the call to `user.getSession` returns an error: Cannot retrieve a new session. Please authenticate.
  - `checkAuth` returns `Promise.reject` with the error
If the `{loginPage}` attribute on `<Admin>` is set to `Login` (from this library), the user is forwarded to the `Login` view. This is not useful since username/password is not enabled. There appears to be no way to return to the Cognito Hosted UI login page without manually updating the URL in the location bar. Clearing browser data, navigating back to the application's root URL, etc. all lead to this scenario.
If the `{loginPage}` attribute on `<Admin>` is set to `false`, which makes sense given the information in #2, the screen is stuck on a loading view:
Making the following change in the `checkAuth` function of `authProvider.ts` resolves the issue in my testing:
user.getSession((err, session) => {
if (err) {
console.log(err);
// log the error?
+ return redirectToOAuthIfNeeded(new HttpError('No user', 401));
- return reject(err);
}
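Review bot: the `+` line replaces the real failure with a fresh `HttpError('No user', 401)` while the `err` from `user.getSession` ("Cannot retrieve a new session. Please authenticate.") only goes to the `console.log(err); // log the error?` above it; since `getCurrentUser()` did return a user in this scenario, 'No user' is a misleading reason for an expired session, so consider carrying `err.message` into the HttpError (or a distinct 'Session expired' message) and dropping the leftover `console.log`.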
Changing this in `getPermissions` is not possible without larger changes, given where `redirectToOAuthIfNeeded` is currently defined.
More information on the configuration of the application I am developing and how I am testing:

- testing using Brave Version 1.48.164 Chromium: 110.0.5481.100 (Official Build) (arm64)
- Cognito and Google project set up according to documentation in this repository, with the exception that the Cognito application is configured to use Google as the only identity provider. Cognito user pool is not enabled.
- Hosted UI is enabled using a Cognito domain, no custom domains
- Additional information on the configuration of the Cognito app client:
  - Authentication flows: `ALLOW_CUSTOM_AUTH`, `ALLOW_REFRESH_TOKEN_AUTH`, `ALLOW_USER_SRP_AUTH`
  - Authentication flow session duration: 3 minutes
  - Refresh token expiration: 60 minutes
  - Access token expiration: 5 minutes
  - ID token expiration: 5 minutes
- Relevant package versions in the project:

```
"amazon-cognito-identity-js": "^6.1.2",
"ra-auth-cognito": "^1.0.0",
"ra-core": "4.7.2",
"ra-data-simple-rest": "4.8.1",
"react": "^18.2.0",
"react-admin": "4.7.1",
"react-dom": "^18.2.0",
"react-scripts": "5.0.1",
```
Please let me know if I can provide any more details that would help.
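As an added example (not ra-auth-cognito's own code), here is a `checkAuth` that treats the expired-session state reported above the same way as a missing user, sending both to the hosted UI instead of rejecting into react-admin's username/password page. The `redirectToHostedUi` callback, the fake pool/user objects and the local `HttpError` stand-in are assumptions for illustration, not library APIs.

```javascript
// Stand-in for ra-core's HttpError (assumption: same (message, status) shape).
class HttpError extends Error {
  constructor(message, status) {
    super(message);
    this.status = status;
  }
}

// Pure decision on what the SDK state means for checkAuth:
//   'no-user'         nothing cached locally
//   'expired-session' cached user, but getSession failed or session is invalid
//   'authenticated'   cached user with a valid session
function classifySession(user, err, session) {
  if (!user) return 'no-user';
  if (err || !session || !session.isValid()) return 'expired-session';
  return 'authenticated';
}

// Builds a react-admin checkAuth for a hosted-UI-only pool. redirectToHostedUi
// (hypothetical name) receives an HttpError saying why the user is sent away.
// After calling it the promise is deliberately left pending, so react-admin keeps
// its loading state rather than showing <Login> while the browser navigates away.
function makeCheckAuth(userPool, redirectToHostedUi) {
  return function checkAuth() {
    return new Promise((resolve) => {
      const user = userPool.getCurrentUser();
      if (classifySession(user) === 'no-user') {
        redirectToHostedUi(new HttpError('No user', 401));
        return;
      }
      user.getSession((err, session) => {
        if (classifySession(user, err, session) === 'authenticated') {
          resolve();
          return;
        }
        // The state from the issue: getCurrentUser() succeeded, but getSession
        // reported "Cannot retrieve a new session. Please authenticate."
        redirectToHostedUi(new HttpError(err ? err.message : 'Session expired', 401));
      });
    });
  };
}

// Constructed fakes for amazon-cognito-identity-js objects; callbacks fire
// synchronously so the behaviour can be checked without a browser.
function fakePool(user) { return { getCurrentUser: () => user }; }
function fakeUser(err, valid = true) {
  return { getSession: (cb) => cb(err, err ? null : { isValid: () => valid }) };
}
```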
Thanks for the detailed report and the fix. I was able to reproduce it and fix it.
Hi, I still have this exact same issue with 1.0.1...