- 最新
- 最多得票
- 最多評論
Hi, there are 3 things to keep in mind while hosting an SPA with Cognito auth behind CloudFront:
- how to generate CloudFront redirects to index.html for non-existing S3 paths,
- how to managing the logged-in state on the client side (in the browser),
- how to get an auth token that can be validated by CloudFront for protected resources and authenticated users.
To generate redirects to /index.html please refer to the Error pages tab of your distribution in the AWS Console. Configure redirects for non-existing resources on S3 with response code override like shown on the attached screenshot. You may want to configure only one redirect (just for 403), because S3 uses this status code for non-existing objects.
To handle Cognito integration, please refer to our battle-tested solutions, like Amplify Authentication to manage user session state in your React application. Similarly for backend/ CloudFront redirections to the IdP login screen, you can have a look at our library cognito-at-edge. It leverages Lambda@Edge to validate the token on every request and generate redirections if needed (when the auth token is not present in the request).
Hello
From your Details section, Step 4, When Cognito redirects back to your Application Callback, I am assuming you validate your token, what is your next step ? Does the API call go on the same call, I am assuming no, so how do you save you token ? I think there is some gap in getting the token and revalidating when actual api call happens
相關內容
- 已提問 6 個月前
- AWS 官方已更新 2 年前
- AWS 官方已更新 8 個月前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
Thank you. I'll look into this and reply back with the results. For the sake of simplicity I left out some details which are relevant to the third bullet point in your answer.