
Federated login works once, then fails consistently #2

Open
nickwrightmaintel opened this issue Mar 2, 2023 · 1 comment

Comments

@nickwrightmaintel
I have used this code to add federated authentication for an Azure AD to my React application. The first time I tried logging in, it presented me with an MS login screen and I logged in successfully. Every subsequent attempt doesn't pop the MS login screen; it just fails with an error "Invalid user attributes: email. The attribute is required." If I try in a different browser, it works the first time and then fails. Also, I was expecting an external user to be created within my user pool, but it wasn't.

My thinking is that it caches the login details and uses them in subsequent logins, but doesn't actually cache the email address.

The client-side code I'm using is this:

```js
import { Amplify } from "aws-amplify";

// Values in <...> are placeholders for the real pool, client and domain settings.
Amplify.configure({
  Auth: {
    region: "<my region>",
    userPoolId: "<my userpool id>",
    userPoolWebClientId: "<my app ID>",
    oauth: {
      domain: "<my domain>",
      scope: ["email", "openid", "aws.cognito.signin.user.admin", "profile"],
      redirectSignIn: "http://localhost:3000/SearchScreen",
      redirectSignOut: "http://localhost:3000",
      responseType: "code",
    },
  },
});
```

and then my button code:

```jsx
import { Auth } from "aws-amplify";

// Starts the hosted-UI flow for the identity provider named in props.federatedIdName.
<Button
  block
  variant="success"
  onClick={() => Auth.federatedSignIn({ provider: props.federatedIdName })}
>
  Federated Sign In
</Button>
```

Should I be providing additional details into federatedSignIn?

The only potential solution I've found is this: https://stackoverflow.com/questions/50365699/saml-attribute-mapping-for-aws-cognito-signup-or-signin-works-but-not-both

One proposed solution there is to disable and delete the user from the pool, but as I mentioned, the user isn't created.

@nickwrightmaintel (Author)

I solved this by following this video:

https://youtu.be/QHoOChLVv_k?t=973

The attribute mappings for email are actually ../claims/name, not ../claims/email. It returns the user principal name, which is also the user's email.
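A small illustration of the mechanism behind the error in the original post and the mapping fix above, added here and not part of the issue or the project's code: it resolves Cognito's required `email` attribute from a constructed Azure AD attribute set through both the broken and the corrected attribute mapping. The full claim URIs (Azure AD's standard ones; the comment abbreviates them as ../claims/name and ../claims/email), the sample attribute values and the list of required pool attributes are assumptions.

```javascript
// Assumed standard Azure AD claim namespace (the comment above abbreviates it as "../claims").
const CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims";

// Constructed sample of the attributes a default Azure AD SAML assertion carries.
// Note that there is no .../claims/email attribute; the UPN arrives as .../claims/name.
const sampleAssertionAttributes = {
  [`${CLAIMS}/name`]: "jane.doe@example.com", // user principal name
  [`${CLAIMS}/givenname`]: "Jane",
  [`${CLAIMS}/surname`]: "Doe",
  "http://schemas.microsoft.com/identity/claims/tenantid": "00000000-0000-0000-0000-000000000000",
};

// Constructed: attributes the user pool marks as required, as in the issue.
const requiredPoolAttributes = ["email"];

// Mirror of what Cognito does on sign-in: look up each mapped pool attribute
// in the assertion, keep only non-empty values, and report required ones that
// end up missing. A non-empty `missing` is what surfaces as
// "Invalid user attributes: email. The attribute is required."
function resolveMappedAttributes(mapping, assertionAttributes, required) {
  const resolved = {};
  for (const [poolAttr, samlAttr] of Object.entries(mapping)) {
    const value = assertionAttributes[samlAttr];
    if (typeof value === "string" && value.trim() !== "") {
      resolved[poolAttr] = value;
    }
  }
  const missing = required.filter((attr) => !(attr in resolved));
  return { resolved, missing };
}

// Mapping that reproduces the issue: email <- .../claims/email, which this assertion lacks.
const brokenMapping = { email: `${CLAIMS}/email` };
// Mapping from the fix: email <- .../claims/name (the UPN, which is also the user's email).
const fixedMapping = { email: `${CLAIMS}/name` };

function checkMapping(mapping) {
  return resolveMappedAttributes(mapping, sampleAssertionAttributes, requiredPoolAttributes);
}

console.log("broken mapping, missing:", checkMapping(brokenMapping).missing); // ["email"]
console.log("fixed mapping, email:", checkMapping(fixedMapping).resolved.email); // "jane.doe@example.com"
```

Running the same check against the attribute names your identity provider actually emits is a quick way to confirm a mapping before the first federated sign-in is attempted.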
