sst-ion-auth-issue's Introduction

Issue opened here

The issue

In this repo, I'm creating an auth flow that should (I think) work for Google OIDC. The deployed SST app works as expected, but the sst dev behavior differs in unexpected ways.

Using SST CLI v0.0.419.

Steps to recreate the issue

  1. Make sure your AWS CLI is properly configured to allow creating AWS (Instructions here)
  2. Create a Google OIDC Client ID (Instructions here)
  3. Make sure you have SST CLI installed globally (Instructions here)
  4. Run sst install
  5. Create an SST Secret to store the OIDC Client ID created above
    1. sst secret set GoogleOidcClientId <VALUE>
  6. Run sst dev, which should create all the AWS infra described in sst.config.ts
  7. When the infra setup completes, the console should display a URL for the newly created AuthRouter. It should be something like https://<UNIQUE_ID>.cloudfront.net. In our Google Cloud credentials dashboard, we need to add an authorized redirect URI using this URL. The URI must be the URL followed by /google/callback, since that is what our auth handler (declared in src/auth.ts) expects, for example https://<UNIQUE_ID>.cloudfront.net/google/callback. Note: It may take 5 minutes to a few hours for settings to take effect.
  8. Once the authorized redirect URI has been established, with sst dev running, we can curl our infra to test the auth flow, replacing the values in angled brackets with the corresponding values created above:
    curl -X GET https://<UNIQUE_ID>.cloudfront.net/google/authorize\?redirect_uri=https://<UNIQUE_ID>.cloudfront.net/google/callback\&response_type=code\&client_id=<GOOGLE_OIDC_CLIENT_ID>
    

Expected result: A 200 response, with a JSON body detailing a 302 redirect

Observed result: A 200 response, but no response body

The CloudWatch logs (see the sanitized logs in cloudwatch_logs.txt) show that when running sst dev and hitting the endpoint, the auth handler Lambda function is receiving the correct message (the JSON body with the 302 info).

We can actually view the expected result if we sst deploy instead of sst dev:

  • Close the sst dev process
  • Run sst deploy
  • Once deploy completes, run the same curl command as above.

What's up with that??
