AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

How Amplify Auth and Cognito Hosted UI set cookie?

1

Hello, I was able to use Amplify Auth and Cognito Hosted UI and enforce cookie storage. However, I do not know which one set-cookie, or which one store the auth information into my web browser cookie?

A. Cognito Hosted UI (exchange response code then set-cookie via HTTP response header)

B. myweb.amplify.com (redirected url/?code=123xxx) web server exchange the response code and set-cookie via HTTP response header

C. Amplify Auth javascript from client side (my web browser) exchange the response code and set-cookie

Here is my Amplify Auth configuration and I used Cognito Hosted UI as well

Amplify.configure({
    Auth: {
            cookieStorage: {
      // - Cookie domain (only required if cookieStorage is provided)
      domain: '.yourdomain.com',
      // (optional) - Cookie path
      path: '/',
      // (optional) - Cookie expiration in days
      expires: 365,
      // (optional) - See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
      sameSite: 'strict' | 'lax',
      // (optional) - Cookie secure flag
      // Either true or false, indicating if the cookie transmission requires a secure protocol (https).
      secure: true
    },
}
})
주제
프론트엔드 웹 및 모바일보안, 신원 및 규정 준수
태그
AWS Amplify아마존 Cognito
언어
English
hai
질문됨 일 년 전5815회 조회
1개 답변
1

It appears that you are using Amazon Cognito Hosted UI to handle user authentication for your web application. When a user signs in to your application using Cognito Hosted UI, the following process occurs:

The user is redirected to the Cognito Hosted UI login page. The user enters their login credentials and submits the form. If the login is successful, Cognito Hosted UI exchanges the login response code for a set of access and refresh tokens. Cognito Hosted UI then sends a set-cookie header in the HTTP response with the access and refresh tokens as the cookie value. Therefore, the correct answer to your question is:

A. Cognito Hosted UI (exchange response code then set-cookie via HTTP response header)

The set-cookie header is sent by Cognito Hosted UI in the HTTP response after the user successfully signs in, and it is stored in the web browser's cookie storage by the web browser.

SeanSi
답변함 일 년 전
  • hai
    일 년 전

    Thank you for very clear explanation, I understand that flow. I am still confused because two things.

    1. After successfully logged in with the Cognito Hosted UI, I see the redirect_url with an appended code like: mydomain.amplify.com/?code=12345xxx => what does this mean? Does this mean mydomain.amplify.com will exchange the code for credentials (IdToken, AccessToken) and set credentials into my browser cookie?

    2. The amplify configuration below. My web is NextJS. Does this mean that the Amplify JS code living inside web browser exchange the code for credentials and set credentials to cookie? If I remove cookieStorage setting, then the credentials will be stored in LocalStorage instead.

    Amplify.configure({
    Auth: {
            cookieStorage: {
      // - Cookie domain (only required if cookieStorage is provided)
      domain: '.yourdomain.com',
      // (optional) - Cookie path
      path: '/',
      // (optional) - Cookie expiration in days
      expires: 365,
      // (optional) - See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
      sameSite: 'strict' | 'lax',
      // (optional) - Cookie secure flag
      // Either true or false, indicating if the cookie transmission requires a secure protocol (https).
      secure: true
    },
}
})

    and client/browser call

      const user = await Auth.federatedSignIn({
              provider: CognitoHostedUIIdentityProvider.Cognito
            })

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠