I can auth through auth0 and then identify with cognito through https://github.com/aws/amazon-cognito-identity-js, but I am not sure how to tie that identity back to amplify to facilitate authenticated api requests.
If Auth0 becomes a supported federated provider in Amplify, that would fix the issue. Is that on the roadmap?
@kenyonj Thanks for the feedback! We are working towards a plugin based model and Auth is actually our next category. So we will use your use case for the feature. We will update this issue when we get the PR out.
Any status or ETA on this feature? Would love to use Auth0 with Amplify. Thanks!
@lorecrafting it's in our roadmap. Recently we are working on another project but we will try to bring this out ASAP. Thanks!
Awesome, thanks for the quick update! Going to get my hands dirty soon.
@mlabieniec @powerful23 Any update on this one? Thanks!
I have done it using the current version of aws-amplify but it's not very optimized, especially because I generate tokens on a Java lambda function, and I have to deal with cold start... I encounter some latencies.
For the moment, when I get tokens from OAuth, I generate a new AWS idToken using a Lambda Java function, and the latency is... too bad. I have found this procedure on the AWS forum, but it would be better to do this directly in reactjs... Any idea?
I've got the Amplify withOAuth HOC setup and working...somewhat. I get redirected as expected to authenticate with auth0 but I get an error about the username attribute mapping required along with invalid request. I've setup auth0 as an identity provider through the cognito user pool and everything seems to be in order based on the various documentation I've pieced together. Anyone have suggestions on solving this?
@rclarkburns did you configure the Attributes Mapping in the Cognito Console?
Hi @powerful23 thanks for the response. I did. It defaults the cognito username mapping to sub which seems correct. I actually tried to update the mapping for this to double check and cognito won't allow any value except sub.
@rclarkburns could you paste the network requests or the error messages? I can try reproduce it.
Thanks @powerful23
Here are requests/responses after authentication.
Callback:
Request URL: https://ciclabs.auth0.com/login/callback
Request Method: POST
Status Code: 302
Remote Address: 52.36.117.30:443
Referrer Policy: no-referrer-when-downgrade
Request/response with error:
Request URL: https://cic-mentor-679.auth.us-east-1.amazoncognito.com/oauth2/idpresponse?code=lAWhlxE5jpXipGGv&state=ZXlKMWMyVnlVRzl2YkVsa0lqb2lkWE10WldGemRDMHhYMjVqZFRCNmVYUklhQ0lzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJbUYxZEdnd0lpd2lZMnhwWlc1MFNXUWlPaUkwYzNRMVkzQTNaMjR4TkcwemFIWnNabVZrY2pOb2MyMXVNaUlzSW5KbFpHbHlaV04wVlZKSklqb2lhSFIwY0RvdkwyeHZZMkZzYUc5emREb3pNREF3SWl3aWNtVnpjRzl1YzJWVWVYQmxJam9pWTI5a1pTSXNJbkJ5YjNacFpHVnlWSGx3WlNJNklrOUpSRU1pTENKelkyOXdaWE1pT2xzaVpXMWhhV3dpTENKdmNHVnVhV1FpTENKd2NtOW1hV3hsSWwwc0luTjBZWFJsSWpwdWRXeHNMQ0pqYjJSbFEyaGhiR3hsYm1kbElqcHVkV3hzTENKamIyUmxRMmhoYkd4bGJtZGxUV1YwYUc5a0lqcHVkV3hzTENKdWIyNWpaU0k2Ym5Wc2JDd2ljMlZ5ZG1WeVNHOXpkRkJ2Y25RaU9pSmphV010YldWdWRHOXlMVFkzT1M1aGRYUm9MblZ6TFdWaGMzUXRNUzVoYldGNmIyNWpiMmR1YVhSdkxtTnZiU0lzSW1OeVpXRjBhVzl1VkdsdFpWTmxZMjl1WkhNaU9qRTFNemM0TVRBNE5UVXNJbk5sYzNOcGIyNGlPbTUxYkd3c0luVnpaWEpCZEhSeWFXSjFkR1Z6SWpwdWRXeHNMQ0pwYzFOMFlYUmxSbTl5VEdsdWEybHVaMU5sYzNOcGIyNGlPbVpoYkhObGZRPT06ZGk4dDRmWjlSeElpSTR2dHJ0ak5zWWU0TitmajZMQ3hjT1hHRHdYMlV2Yz0%3D
Request Method: GET
Status Code: 302
Remote Address: 18.233.176.194:443
Referrer Policy: no-referrer-when-downgrade
location: http://localhost:3000?error_description=username+attribute+mapping+required&error=invalid_request
@powerful23 Let me know if you need any additional information. Thanks again for your help with this.
Hi @powerful23 Any thoughts on this? I think in the interim I will start looking at just integrating directly with Auth0 and not lean on Cognito, as this has become a blocker for the project I'm working on.
@rclarkburns I am working on reproducing your problem but haven't done so yet. Besides that, from the error in the response there should be something not configured properly in your attribute mapping. How do you map your SAML attribute to the user pool attributes? Is it something like http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -> Email?
Hi @powerful23 I'm not sure I follow. I've setup the auth0 identity provider using OpenID within the Cognito user pool. Perhaps I overlooked some configuration? Thanks.
@rclarkburns OpenID. I think you should add the auth0 provider using SAML2.0. According to this: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-integrating-3rd-party-saml-providers.html
Thanks @powerful23 I'll give that a shot.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed because of inactivity. Please open a new issue if you are still encountering problems.
@rclarkburns Did this end up working out for you? I'm in a similar situation and am wondering what to do.
Hi @yemi Yes, if I recall correctly, using SAML 2.0 got around this; however, the project I was working on ended up abandoning the HOC in favor of a custom auth flow.