Logout from Kubeflow application with Auth0 causing infinite loop - auth0

I am trying to setup authentication to Kubeflow with Auth0, following this manual: Authentication using OIDC (with the difference, I setup google account instead of github as a IdP)
Now I am able to login with my Google account to kubeflow via auth0 (my email whitelisted in auth0 rule which allowing connection to the kubeflow application).
When I click to logout link in kubeflow it is running into an infinite loop. Looks like it redirecting to the same kubeflow logout URL. How can I setup redirect properly?

Related

Skip cognito hosted ui and use custom ui for social login

I am trying to bypass Cognito's hosted UI and have my custom UI for social login, I used Amplify for creating user with username and password, but for user creation using social login documentation says to use Cognito Hosted UI, is there a way to create user pool without using Cognito's Hosted UI.
I tried to build my own but after receiving code from google on redirect I don't know how to create data in Cognito's user pool

AWS Cognito Userpool - Cognito does not perform MFA challenge for Federated users

I have setup an userpool with two login methods. One using hosted UI with userpool to signup/sign-in users. And ther other using a Federated Identity Provider (IDP). For both login methods(Appclients) I have enabled and used Code Auth Flow + PKCE (So the code <-> token exchange could be completely handled by the client - react web frontend).
I have also setup an Identity pool for users' to get temporary credentials to complete the MFA (TOTP) setup from react web frontend.
Now, I could complete the MFA setup - showing the QR code (AssociateSoftwareToken), performing VerifySoftwareToken (after user gets the one time token using code generator app- google authenticator in my case) and updating userpool for user's preference with SoftwareTokenMfa settings.
When users Login using the hosted-UI (with useraccounts created through Cognito ), Cognito performs the MFA challenge before redirecting with (oauth) code.
But when users logged in using Federated Login, Cognito redirects the user back to application with oauth code.
Is there anyway, I could make Cognito perform MFA for users logging-in using Federated Login?

Auth0 - OAuth login with dynamic callback

I want to secure my Web-App with Auth0 in React. This means a user can login on my page and use the resulting Access Token to make requests to services behind AWS API Gateway.
But Auth0 requires that all possible Callback URLs are defined in the Dashboard.
This works well as long as the Application is hosted on a domain owned by me.
In my case the React App will be distributed as a Plugin (Shopify, Woocommerce). My users will install this Plugin and use my App through their shopsystem-UI. Which means that requests from the browser are made from their domain.
How should I securely access my Services through this client which is distributed on Domains which i don't know beforehead?
As my research shows, one solution would be Dynamic Application Registration. But with this I would end up with one Auth0 Application per user and Auth0 Limits that to 100 Applications.
How should I handle my case instead?

Cognito multi-tenant user pools

My Angular application needs to support multiple tenants as well as social logins like Facebook and Google. We are using AWS Cognito with Amplify. When setting up Cognito's app client, we can enter multiple sign-in and sign-out URLs used in the authentication flow between my app and federated providers like Facebook and Google.
I'm anticipating each tenant will have a unique URL - something like https://tenantA.my-app.com and https://tenantB.my-app.com.
How do you configure Cognito's sign-in and sign-out URLs to support multi-tenants, each with a different URL? Surely there's a better way then to keep sign-in and sign-out URLs configuration up-to-date with all valid tenant URLs?
With Angular, I can configure amplify with dynamic values for oauth.redirectSignIn and oauth.redirectSignOut. I'm unsure how to make Cognito's user pool reflect dynamic URLs representing each tenant.
Is it possible to have a 'clearing-house' url which Facebook and Google return to after authentication then this 'clearing-house' destination would redirect authenticated user to the correct tenant? I'm grasping at straws.
Thank you for your time.

Google login to vuejs application using aws cognito user pools

I have simple vuejs application and I use vue-google-signin-button plugin to login via google. That works correctly.
To login by user name and password I use aws cognito user pools. Which also works.
Is it possible to login via google and store logged in user in to user pool? I checked plenty of aws manuals but I haven't found such option.
Thanks