aws-cognito: `oAuth.callbackUrls` of `UserPoolClient` should not have `http://example.com` #28204
Comments
Thanks @jolo-dev for reporting this. This seems to be a bug in the code.
I agree that things like
and the Say we keep the prop as optional and throw an error if it's empty. This means if a user is configuring this construct with the defaults for the first time, they will get an error prompting them for at least one callback url. Not a great experience. The other option: we only throw an error when
Hey @markmansur,
Really? Have you tried to deploy it without a
@markmansur Yes, exactly.
No worries! 🙂
Yeah, see this example

```ts
const pool = new CfnUserPool(this, 'pool')
new CfnUserPoolClient(this, 'client', {
  allowedOAuthFlows: ['code', 'implicit'],
  userPoolId: this.splitArn(pool.attrArn, cdk.ArnFormat.SLASH_RESOURCE_NAME).resourceName!
})
```

callbackUrls can only be empty when there

```ts
// works!
const pool = new CfnUserPool(this, 'pool')
new CfnUserPoolClient(this, 'client', {
  userPoolId: this.splitArn(pool.attrArn, cdk.ArnFormat.SLASH_RESOURCE_NAME).resourceName!
})
```

```ts
// works!
const pool = new CfnUserPool(this, 'pool')
new CfnUserPoolClient(this, 'client', {
  allowedOAuthFlows: ['client_credentials'],
  generateSecret: true,
  userPoolId: this.splitArn(pool.attrArn, cdk.ArnFormat.SLASH_RESOURCE_NAME).resourceName!
})
```
Oh that's weird. @markmansur I have added some comments on your PR
Describe the bug
The property `oAuth.callbackUrls` of `UserPoolClient` should be mandatory when `flows.authorizationCodeGrant` or `flows.implicitCodeGrant` is `true`, otherwise the `oAuth.callbackUrls` results in `['http://example.com']`.
Expected Behavior
An error is thrown when `oAuth.callbackUrls` is empty but `flows.authorizationCodeGrant` or `flows.implicitCodeGrant` is `true`.
Current Behavior
`oAuth.callbackUrls` results in `['http://example.com']`
Reproduction Steps
Possible Solution
Either remove the default or put a guardrail or throw an error when `flows.authorizationCodeGrant` or `flows.implicitCodeGrant` is `true` and `oAuth.callbackUrls` is not set.
Additional Information/Context
No response
CDK CLI Version
2.110.0
Framework Version
No response
Node.js Version
18.15
OS
macOS 14.1
Language
TypeScript
Language Version
5.2
Other information
No response
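A guardrail of the kind proposed under Possible Solution, applied to a synthesized template instead of inside the construct, so a defaulted callback URL is caught before deploy. This is an added example, not code from the issue or from aws-cdk: `auditCallbackUrls`, the type names and the sample template are hypothetical and constructed; `AllowedOAuthFlows` and `CallbackURLs` are the CloudFormation property names of `AWS::Cognito::UserPoolClient`.

```typescript
// Added example: audit a synthesized CloudFormation template for Cognito app
// clients whose redirect-based OAuth flows have no real callback URL.
type CfnResource = { Type: string; Properties?: Record<string, unknown> };
type CfnTemplate = { Resources: Record<string, CfnResource> };

// Flows that redirect the browser and therefore need a callback URL.
const REDIRECT_FLOWS = ['code', 'implicit'];
// Placeholder the issue reports when callbackUrls is left unset.
const PLACEHOLDER = 'http://example.com';

function asStrings(value: unknown): string[] {
  if (!Array.isArray(value)) return [];
  return value.filter((v): v is string => typeof v === 'string');
}

// Hypothetical helper: returns one finding per problem, in template order.
function auditCallbackUrls(template: CfnTemplate): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (!res || res.Type !== 'AWS::Cognito::UserPoolClient') continue;
    const props = res.Properties ?? {};
    const flows = asStrings(props['AllowedOAuthFlows']);
    // client_credentials-only clients never redirect, so skip them.
    if (!flows.some((f) => REDIRECT_FLOWS.indexOf(f) !== -1)) continue;
    const urls = asStrings(props['CallbackURLs']);
    if (urls.length === 0) {
      findings.push(`${id}: ${flows.join(',')} flow enabled but CallbackURLs is empty`);
    }
    for (const url of urls) {
      // Ignore case and trailing slashes so "HTTP://example.com/" is caught too.
      if (url.toLowerCase().replace(/\/+$/, '') === PLACEHOLDER) {
        findings.push(`${id}: CallbackURLs contains placeholder ${url}`);
      }
    }
  }
  return findings;
}

// Constructed sample (not real synth output); resource names are made up.
const CLIENT = 'AWS::Cognito::UserPoolClient';
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    Pool: { Type: 'AWS::Cognito::UserPool' },
    DefaultedClient: { Type: CLIENT, Properties: { AllowedOAuthFlows: ['implicit', 'code'], CallbackURLs: ['http://example.com'] } },
    MissingClient: { Type: CLIENT, Properties: { AllowedOAuthFlows: ['code'] } },
    MachineClient: { Type: CLIENT, Properties: { AllowedOAuthFlows: ['client_credentials'], GenerateSecret: true } },
    GoodClient: { Type: CLIENT, Properties: { AllowedOAuthFlows: ['code'], CallbackURLs: ['https://app.example.org/callback'] } },
  },
};
const SAMPLE_FINDINGS = auditCallbackUrls(SAMPLE_TEMPLATE);
```

`SAMPLE_FINDINGS` flags `DefaultedClient` and `MissingClient` only; the `client_credentials` client and the client with a real HTTPS callback pass.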