SignIn/SignOut with trustlogin and cognito problem - amazon-cognito

I have an app that uses TrustLogin (https://portal.trustlogin.com/) to authenticate with an Amazon Cognito user pool.
I used this article to set up authentication: authorization-endpoint
and added it to the TrustLogin app.
In my application, I use aws-amplify for authentication.
The problem is: when I sign out in my app, it works fine with the aws-amplify configuration, but when I sign out or change accounts in the TrustLogin portal, the account in my app is still the previous account. Even if I re-authenticate with the above endpoint (authorization-endpoint), it still doesn't work.
I have tried to get the accessToken after re-authenticating, but the user data does not change.

Related

IdentityServer4 logout from external provider like Google

I'm using IdentityServer4 with ASP.NET Core Identity. In Identity Server I enabled Google as an external provider. I'm able to log in with Google. The first time I try to log in with Google, Identity Server shows me the Google pages where I can choose the account or enter my credentials.
When I log out I receive the message that I'm logged out, but when I try to log in again with Google I'm directly logged in without entering my credentials, and if I have more than one Google account I'm not able to choose a different one.
This happens both if I connect directly to the server from the login screen and if I do it via AuthRequest in an Expo native app calling the endsession endpoint with id_token_hint enhanced.
Why? I'm going crazy.
I found this solution:
await WebBrowser.openAuthSessionAsync("https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://myIdentityServerEndSessionEndpoint", "exp://myReactNativeApp");

AWS amplify authentication, enable only sign in - not sign up

In all the great tutorials I looked at on how to add an auth module to a React app in Amplify, the only type of module I see is a complete feature of sign in + sign up.
What I'm trying to achieve is:
Set up a custom Cognito user pool and add users to the pool manually.
Add custom sign-in/login UI + code to a React Amplify app.
Prevent anyone but me from adding new users to the Cognito user pool manually.
The website I'm working on is an internal website and I don't want anyone to be able to sign up via AppSync or the react client.
Please help :)
This won't be very difficult - you simply don't implement the front-end functionality to add a new user. Then, in your Cognito user pool config, there is an option User sign ups allowed? which you would set to Only administrators can create users.
Edit: Also, consider using the hosted UI, it may save you some front-end work.

logging out of Okta hosted login page on mobile (React Native)

I have a React Native app that uses Okta's hosted login page to authenticate.
When a user successfully authenticates for the first time through the PKCE flow, on every other login afterwards, they get automatically logged in as the same user.
I've used additionalParameters: { prompt: 'login' }, but it only asks you to re-enter your password, and if you click sign out, it brings you to a Citrix page that doesn't change anything about the flow - they still get logged back in as the same user after the fact.
I've tried using both the revoke and logout endpoints, which actually change the cookies a bit but don't affect the flow; the same goes for restarting the app.
The only way is to clear hardware settings in Xcode.
This may not even be an Okta specific issue, perhaps a general OIDC issue.
How does the hosted login page store and know you've previously logged in and how can that be fixed?

Aws Cognito with google federated identity: Logs me in with the last user

Problem:
I am using AWS Cognito with Google as an external federated identity for auth in my application.
The problem is that it logs me in with the last user when I have only one signed-in Google account. Basically, it seems it's simply not able to log out the user completely.
Here's what is happening:
I am logged into Google with e.g. user a#gmail.com
I log in to Cognito via the external federated identity using the above email. All is well.
I now log out and want to log in to Cognito using 'b#gmail.com'. Say I created that account using another browser and never used the current browser, so the browser does not know about it. (In short, I am logged into just one Gmail account in this browser.)
When I try to sign in I am shown the option to 'Signin with Google', but it never presents me with the account selection screen and directly logs me in.
I am using the screen cognito shows at https://mydomain.auth.auth.us-east-1.amazoncognito.com/login
Using Prompt:
I see that google itself has a way to force the user to select an account using the 'prompt' : select_account option. But I see no way to specify this anywhere in cognito.
Question :
- Anyone have any fix / workaround to above problem? I need a way to 'always' show the account selection so that he can choose or use a different account.
Did you try the logout endpoint from Cognito?
- Yes, This is happening even after I send the user to the logout endpoint of cognito, which is probably supposed to logout the user.
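
Added example, not part of the thread: the `prompt` values mentioned in this question and the Okta one, and the end-session call with `id_token_hint` from the IdentityServer4 question, built as OIDC request URLs, plus a check of whether a fresh login returned the same account as before. The endpoints, client ID and tokens are constructed placeholders, and whether a given provider or the Cognito hosted UI honours or forwards `prompt` is not established by this page.

```javascript
// Added example; endpoints, client IDs and tokens are constructed placeholders.
const PROMPTS = new Set(['none', 'login', 'consent', 'select_account']);

// Authorization request that asks the provider to re-prompt the user.
function buildAuthorizeUrl({ endpoint, clientId, redirectUri, state, prompt = [] }) {
  if (!state) throw new Error('state is required');
  const bad = prompt.find((p) => !PROMPTS.has(p));
  if (bad) throw new Error(`unknown prompt value: ${bad}`);
  // OIDC Core: "none" cannot be combined with any other prompt value.
  if (prompt.includes('none') && prompt.length > 1) {
    throw new Error('prompt=none must be used alone');
  }
  const url = new URL(endpoint);
  const params = { response_type: 'code', client_id: clientId,
                   redirect_uri: redirectUri, scope: 'openid', state };
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  if (prompt.length) url.searchParams.set('prompt', prompt.join(' '));
  return url.toString();
}

// RP-initiated logout request against the provider's end-session endpoint.
function buildEndSessionUrl({ endpoint, idToken, postLogoutRedirectUri }) {
  const url = new URL(endpoint);
  url.searchParams.set('id_token_hint', idToken);
  url.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
  return url.toString();
}

// Reads the "sub" claim WITHOUT verifying the signature: only for comparing
// tokens the app has already validated, never for an authorization decision.
function subjectOf(idToken) {
  const payload = idToken.split('.')[1];
  if (!payload) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')).sub;
}

// True when the login after logout came back as the same account as before.
function sameAccount(previousIdToken, newIdToken) {
  return subjectOf(previousIdToken) === subjectOf(newIdToken);
}

// Constructed, unsigned sample token for trying the helpers above.
const fakeToken = (sub) => ['{"alg":"none"}', JSON.stringify({ sub }), '']
  .map((s) => Buffer.from(s).toString('base64url')).join('.');
```

`sameAccount` returning true after a logout followed by a login with `prompt: ['select_account']` points at a session still held by the upstream identity provider rather than by the app.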

firebase unauth with google doesn't allow change of user

Is there a setting, either in Google projects or in Firebase databases, for specifying that unauth should not cache user credentials? Once I have logged into my app via the Firebase Google authentication, calling unauth() does not permit me to log in again with a different account. An attempt to log in after that immediately logs in with the old credentials without asking for a new username and password. Closing and reopening the browser after the logout didn't help.
Firebase doesn't have access to your credentials when you use its Google authentication. Instead it uses OAuth to create a relationship between the Google account and your application.
When you call unauth Firebase expires the token that is part of the current session. But it does not remove the relationship between the Google account and your application. That's why you "automatically" get a new token when you call auth... next time.
It is up to each individual user to revoke the rights, which in the case of a Google account they can do at the Account Permissions page: https://security.google.com/settings/security/permissions