SSO AWS Cognito Integration #10548
gdlin started this conversation in Contribute
-
Hey @gdlin, it may be that using a base64 encoded URL by default is the right way to go, instead of using JSON. If you wanted to create a PR where the encoding is the default method, then we can test it out!
-
Hi, I'm evaluating using Budibase for my company. I'm having a problem integrating the SSO with AWS Cognito, which is crucial for us. I got everything working, but when I try to log in, I can see that the state parameter encoded in the authorize URL is in JSON.
It's something like https://endpont/authorize?[...]state={"handle":"xxxxxxxxxxxxxxxx"}
AWS Cognito specifically states in its documentation that the state parameter should be base64 encoded. If I encode it manually, go through the flow, and then decode it on the callback, everything works perfectly.
Is there any way to do this? I've looked into the code and it seems that it can be easily implemented by doing something like this:
budibase/packages/backend-core/src/middleware/passport/sso/oidc.ts
```ts
class B64OIDCStrategy extends OIDCStrategy {
  constructor(options: any, verify: Function) {
    super(options, verify)
  }
}
```
And then use that class as a strategy. I don't know how to properly test it.
I'd appreciate some help here if there's a simple way to achieve this base64 encoding of the state parameter, and if there isn't, some help on how I can test these changes and maybe try to create a PR.
This seems to be the only modification required for Cognito to work with budibase SSO. Maybe a toggle can be added in settings to encode the status parameter using base64.
Thanks!
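
An added example (not code from the post or from the Budibase project) of the round trip described above: the JSON state is base64url-encoded for the authorize URL, then strictly decoded and checked against the session's handle on the callback. The function names, the `idp.example` endpoint, the choice of the URL-safe base64url alphabet and the 512-character cap are assumptions made for illustration.

```typescript
import { timingSafeEqual } from "node:crypto";

// Shape of the state object shown in the post: {"handle":"..."}.
interface OidcState { handle: string }

const MAX_STATE_LEN = 512; // assumed cap for this sketch, not a Cognito or Budibase value

// JSON -> base64url (URL-safe alphabet, no padding).
function encodeState(state: OidcState): string {
  return Buffer.from(JSON.stringify(state), "utf8").toString("base64url");
}

// Strict decode for the callback; returns null on anything unexpected.
function decodeState(raw: string): OidcState | null {
  if (raw.length === 0 || raw.length > MAX_STATE_LEN) return null;
  if (!/^[A-Za-z0-9_-]+$/.test(raw)) return null;
  const bytes = Buffer.from(raw, "base64url");
  // Buffer.from() is lenient about malformed input, so require a canonical round trip.
  if (bytes.toString("base64url") !== raw) return null;
  let parsed: unknown;
  try {
    parsed = JSON.parse(bytes.toString("utf8"));
  } catch {
    return null;
  }
  if (typeof parsed !== "object" || parsed === null) return null;
  const handle = (parsed as Record<string, unknown>).handle;
  if (typeof handle !== "string" || handle.length === 0) return null;
  return { handle };
}

// Encoding changes nothing about the check: state must still match the session's handle.
function stateMatches(raw: string, expectedHandle: string): boolean {
  const decoded = decodeState(raw);
  if (decoded === null) return false;
  const a = Buffer.from(decoded.handle, "utf8");
  const b = Buffer.from(expectedHandle, "utf8");
  return a.length === b.length && timingSafeEqual(a, b);
}

// Places the encoded state on the authorize URL (other query parameters omitted).
function buildAuthorizeUrl(endpoint: string, state: OidcState): string {
  const url = new URL(endpoint);
  url.searchParams.set("state", encodeState(state));
  return url.toString();
}

// Constructed sample values.
const sample = encodeState({ handle: "abc" });
console.log(buildAuthorizeUrl("https://idp.example/authorize", { handle: "abc" }), stateMatches(sample, "abc"));
```
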