Amplify-console: Amplify console deployment: federated redirection doesn't work using custom domain
Note: If your issue/bug is regarding the AWS Amplify Console service, please log it in the
Amplify Console GitHub Issue Tracker
Describe the bug
I deployed me test website using amplify console and added a custom domain.
My domain is active and I can access my amplify deployed app using custom domain.
Here is my issue:
My oauth settings has below redirection settings
redirectSignIn:Â "https://

redirectSignOut: "https://
The issue is every time I login using federated google or
Facebook account it redirects me to the login page. I am using Amazon Hosted UI for my authentication.
When I run the app using npm start on my local machine with localhost:3000 everything works fine (localhost setup I use redirectSignIn: "https://localhost:3000/“) .
The console deployment redirect me to my login page.
If I do not use federated login and use username/password it works fine so clearly problem is the way redirection is happening.
Any insight about me doing something wrong.
yelhow
All 17 comments
Hi @dahersoftware, can your provide your appId and the region its located in?
nimacks
on 11 Sep 2019
@nimacks My appID is: d32u7uikgbxz55 and region is Ireland.
yelhow
on 11 Sep 2019
@dahersoftware just to clarify do you mean Amplify Auth ? https://aws-amplify.github.io/docs/js/authentication
I am using Amazon Hosted UI for my authentication.
nimacks
on 11 Sep 2019
@dahersoftware, also, have you setup any redirect rules which could have affected your app?
nimacks
on 11 Sep 2019
@nimacks No there are no redirect rules, by default only redirection rule I can see is the custom root domain is mapped to www.
yelhow
on 12 Sep 2019
@nimacks Any update on this?
yelhow
on 13 Sep 2019
We're still looking into this issue. We'll try and get you an update soon.
nimacks
on 13 Sep 2019
@nimacks Any update on this?
yelhow
on 17 Sep 2019
A few more issues I observed:
**POST https://daherskillops-dev.auth.eu-west-1.amazoncognito.com/oauth2/token 400
ConsoleLogger.js:111 [ERROR] 42:09.548 OAuth - Error handling auth response. Error: invalid_request
Uncaught (in promise) TypeError: Cannot read property 'accessToken' of undefined**
Above errors doesn't happen everytime but it fails frequently. Any suggestions?
[ERROR] 42:09.627 OAuth - Error handling auth response. Error: invalid_grant
I also see the above errors but during that login doesn't fail.
Also I am using lambda for pre-token generation when user log in and sometime it is very slow. It might be because of lambda cold start problem as my website doesn't have many users. Is there any way to improve this behavior.
yelhow
on 20 Sep 2019
@dahersoftware can you review this blog post and check your Facebook app settings: https://dev.to/dabit3/the-complete-guide-to-user-authentication-with-the-amplify-framework-2inh
We're not sure this is an issue with Amplify Console.
swaminator
on 27 Sep 2019
@swaminator This issue is not related to Facebook only it happens with google too.
See the screenshot below
yelhow
on 29 Sep 2019
@dahersoftware can you review this blog post and check your Facebook app settings: https://dev.to/dabit3/the-complete-guide-to-user-authentication-with-the-amplify-framework-2inh
We're not sure this is an issue with Amplify Console.
Also I used that link to configure my fedrated authentication. I noticed that problem persist with or without pre token lambda but pre token lambda slows it down more and sometime login is not successful.
yelhow
on 30 Sep 2019
Also I am using lambda for pre-token generation when user log in and sometime it is very slow. It might be because of lambda cold start problem as my website doesn't have many users. Is there any way to improve this behavior.
@dahersoftware discussed this offline with the team and we think it might have something to do with using Lambda for the pre-token generation. We have a number of users using us for social auth and we haven't heard this issue before. Is there any way you can give us more details about your setup, maybe even see your Lambda code?
swaminator
on 8 Oct 2019
@swaminator I tried many things but this error doesn't go away. See the screen below.
I have updated ampliy packages and still nothing helps.
I will show you my setup, Do you think we can get on a brief call and I will show everything I am doing. This issue is bothering me a lot now.
yelhow
on 11 Oct 2019
This is the complete request that gets failed most of the time:
Summary
URL: https://daherskillops-dev.auth.eu-west-1.amazoncognito.com/oauth2/token
Status: 400
Source: Network
Address: 52.215.133.77:443
Request
:method: POST
:scheme: https
:authority: daherskillops-dev.auth.eu-west-1.amazoncognito.com
:path: /oauth2/token
Accept: /
Content-Type: application/x-www-form-urlencoded
Origin: https://www.testdaher.com
Content-Length: 299
Accept-Language: en-us
Host: daherskillops-dev.auth.eu-west-1.amazoncognito.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15
Referer: https://www.testdaher.com/
Accept-Encoding: br, gzip, deflate
Connection: keep-alive
Response
:status: 400
Content-Type: application/json;charset=UTF-8
Pragma: no-cache
Access-Control-Allow-Origin: https://www.testdaher.com
Set-Cookie: XSRF-TOKEN=
X-XSS-Protection: 1; mode=block
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Date: Sat, 12 Oct 2019 16:46:33 GMT
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
Vary: Origin
X-Frame-Options: DENY
x-application-context: application:prod:8443
Server: Server
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
x-amz-cognito-request-id: edca11ec-9d86-4c6b-ad2c-351e801fdca1
Request Data
MIME Type: application/x-www-form-urlencoded
grant_type: authorization_code
code:
client_id:
redirect_uri: https://www.testdaher.com/
code_verifier:
yelhow
on 12 Oct 2019
By googling online problems about this, Like thread:
https://github.com/aws/amazon-cognito-auth-js/issues/206 , There are many threads going around the same topic.
Is there someone who can explain or redirect me to solve this problem?
I solve the very first redirection problem but couldn't get my head around on this invalid_grant one yet.
yelhow
on 12 Oct 2019
I looked little bit more and I found this thread:
https://github.com/aws-amplify/amplify-js/issues/3185
Then i checked my code if I am calling Amplify.configure multiple times and I found I was calling it twice. After fixing that problem my invalid_grant problem goes away.
yelhow
on 12 Oct 2019
Related issues
asyschikov
·
5Comments
OzzieOrca
·
3Comments
helloPiers
·
3Comments
dongjason1
·
3Comments
AustinZhu
·
4Comments
Most helpful comment
I looked little bit more and I found this thread:
https://github.com/aws-amplify/amplify-js/issues/3185
Then i checked my code if I am calling Amplify.configure multiple times and I found I was calling it twice. After fixing that problem my invalid_grant problem goes away.