Currently, OAuth2-Proxy encounters an issue with Cognito.
https://github.com/oauth2-proxy/oauth2-proxy/pull/2265
oauth2-proxy encodes the redirect-URL as part of the state parameter to the authorization endpoint. AWS doesn’t give full documentation on valid characters, but it hints that URL-encoding data will not work and advises doing a base64 encoding instead.
https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
This patch will do a base64-encoding of the redirect URL in the state variable.
Let's dissect the problem.
Problem: AWS Cognito doesn’t like the way OAuth2-proxy is encoding the redirect URL in the state parameter. It prefers base64 encoding instead of the current method.
Solution: Use base64 encoding for the redirect URL before putting it in the state parameter.
Steps:
- Before Sending to AWS Cognito:
  - Take the redirect URL.
  - Convert it to a base64 format.
  - Use this base64 string as the state parameter.
- After Getting Response from AWS Cognito:
  - Take the state parameter (which is in base64 format).
  - Convert it back from base64 to get the original redirect URL.
  - Use this URL to redirect the user.
- If Something Goes Wrong:
  - Check if there’s an error during the conversion process.
  - Handle the error (like showing a message to the user).
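The steps above as a round trip in Go. This is an added example, not code from oauth2-proxy or from the linked pull request. The helper names `encodeState` and `decodeState`, the `nonce:payload` layout and the choice of unpadded URL-safe base64 are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// encodeState builds the state value sent to the authorization endpoint.
// Hypothetical helper; the "nonce:payload" layout is assumed for this example.
func encodeState(nonce, redirectURL string) string {
	// Unpadded URL-safe base64 emits only A-Z a-z 0-9 - _ so the redirect
	// URL's own '%', '&', '?' and '/' never appear in the state parameter.
	payload := base64.RawURLEncoding.EncodeToString([]byte(redirectURL))
	return nonce + ":" + payload
}

// decodeState reverses encodeState on the callback and reports conversion
// errors so the caller can stop instead of redirecting to garbage.
func decodeState(state string) (string, string, error) {
	parts := strings.SplitN(state, ":", 2)
	if len(parts) != 2 || parts[0] == "" {
		return "", "", errors.New("state: missing nonce or payload")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", "", fmt.Errorf("state: redirect is not valid base64: %w", err)
	}
	return parts[0], string(raw), nil
}

func main() {
	// Constructed sample values.
	state := encodeState("n0nce123", "https://app.example.com/dashboard?tab=a&x=1%2F2")
	fmt.Println("state sent to authorization endpoint:", state)

	nonce, redirect, err := decodeState(state)
	if err != nil {
		fmt.Println("rejecting callback:", err)
		return
	}
	fmt.Println("nonce:", nonce, "redirect:", redirect)

	// A state value that fails conversion is handled, not followed.
	if _, _, err := decodeState("n0nce123:%%%not-base64"); err != nil {
		fmt.Println("malformed state rejected:", err)
	}
}
```

Base64 only changes the character set of the state value; the decoded URL still has to pass whatever redirect validation the application applied before encoding.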