Ability to use https redirectSignOutUrls when using amplify v6 #12890
Comments
Hello, @cranberyxl 👋 and thank you for opening this issue. Can you confirm that you're only seeing this issue when you upgraded to v6, and if you downgrade back to v5.x that the problem goes away?
The problem goes away in v5 only because we can use a custom webview solution like
@cranberyxl, thank you for the confirmation. I'll mark this as a bug then and review this with the team internally. We'll comment back with updates or further questions as we make progress.
cranberyxl when you configured SSO provider on Amazon Cognito you don't need to go to the sign out endpoint manually, you can configure that directly on Cognito. Have you tried that? More information on Cognito docs
@elorzafe The nature of our auth setup does not allow for this. We need the ability to use different redirect urls in different scenarios on the react-native experience just like we would be able to do in a web context.
Hey @cranberyxl 👋 what is the use case you're looking to address where the Cognito-initiated IdP signout is not sufficient? Is there a particular solution you have in mind to address this?
@josefaidt Our authentication situation involves an upstream OIDC connection that then provides the SSO experience.
I have not been able to get the upstream provider to logout without directly calling its logout url as part of the logout redirect, which then properly handles the auth cookies in the browser session. I don't understand why I can't provide a completely valid https signOut url to the new amplify library when using react native. I'm also very confused as to why there would be an array of signOut urls when only one of them can be redirected to after cognito signs out.
Ah thanks for the clarification @cranberyxl ! The OIDC provider is a great callout, as unfortunately the "single logout (SLO)" feature is only supported for SAML IdP's.
From the information above this falls into the "custom workflow" callout for OIDC IdP's to initiate the upstream signout.
This is a valid callout! We do allow configuring multiple signin/signout redirect URI's, however it is not surfaced to the client API as you've experienced. Although, this would be desirable for custom flows like you have where you're attempting to initiate signout for your upstream OIDC provider. Let me chat with the team and follow-up with next steps 🙂
Hey @cranberyxl 👋 to provide an update here we'll keep this issue labeled as-is as we work towards a solution to enable this in favor of supporting upstream signout for oidc flows.
Any update on this?
Is this related to a new or existing framework?
React Native
Is this related to a new or existing API?
Authentication
Is this related to another service?
Cognito
Describe the feature you'd like to request
When using a federated SSO client we need to be able to signout of the upstream provider inside of the webview. To do this we want to be able to call something like https://upstreamSSOProvider.com/logout?post_logout_redirect_uri=mobile%3A%2F%2F, however https urls are rejected on react native. The upstream logout provider will ultimately redirect back to the mobile:// url as the cognito logout would do.
Describe the solution you'd like
The ability to override the invalidRedirectException thrown here, using the provided signout uri
Describe alternatives you've considered
Additional context
No response
Is this something that you'd be interested in working on?
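The upstream sign-out hop requested above, sketched as an added example that is not code from Amplify or from anyone in this thread: it builds the https logout URL only for an allowlisted upstream host and only with a registered app redirect, then classifies each URL the sign-out webview visits. The function names and both allowlists are hypothetical, and a WHATWG `URL` implementation is assumed (Node, or a polyfill in React Native).

```javascript
// Added example; all names and the allowlists are hypothetical.
// Hosts are stored lowercase because URL parsing lowercases the hostname.
const ALLOWED_UPSTREAM_HOSTS = ['upstreamssoprovider.com'];
const ALLOWED_APP_REDIRECTS = ['mobile://'];

// Parse an https URL and confirm its host is an allowlisted upstream IdP.
function parseUpstream(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return null; // not a parseable absolute URL
  }
  if (parsed.protocol !== 'https:') return null;
  if (parsed.username || parsed.password) return null; // no userinfo tricks
  if (!ALLOWED_UPSTREAM_HOSTS.includes(parsed.hostname)) return null;
  return parsed;
}

// Build the upstream logout URL whose final hop is the app's own scheme.
function buildUpstreamLogoutUrl(logoutEndpoint, appRedirect) {
  const endpoint = parseUpstream(logoutEndpoint);
  if (!endpoint) {
    throw new Error('upstream logout endpoint is not allowlisted https');
  }
  if (!ALLOWED_APP_REDIRECTS.includes(appRedirect)) {
    throw new Error('post-logout redirect is not a registered app URL');
  }
  return endpoint.origin + endpoint.pathname +
    '?post_logout_redirect_uri=' + encodeURIComponent(appRedirect);
}

// Classify each URL the sign-out webview navigates to.
function classifyNavigation(url) {
  if (ALLOWED_APP_REDIRECTS.includes(url)) return 'app-return';
  return parseUpstream(url) ? 'upstream-logout' : 'blocked';
}
```

Exact-match allowlists on both the https hop and the final app redirect keep the sign-out chain from becoming an open redirect.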