I'm using Amazon Cognito with the Built-In login page. I'd like to provide a link where I can customize my site after the user logs in based on where the user is coming from.
If I change the redirect_uri to a page that is different than configured in the App client settings I'll get a redirect_mismatch error.
If I add a query param it does not preserve it.
https://auth-local.auth.us-west-2.amazoncognito.com/login?response_type=code&client_id=<myid>&redirect_uri=http://localhost:4201/after-login&TEST_QUERY_PARM=1
Goes to:
http://localhost:4201/after-login?code=[code]
There is no TEST_QUERY_PARM that I set in the redirect_uri.
Is there any way I can track where it came from?
-
EDIT: I'm using AWS Chalice/Lambda for backend server
Did you try to configure two application clients each with its own callback URL.
So to track calls from different sources you will do something like:
?response_type=code&client_id=<myid_1>&redirect_uri=<myurl_1>
?response_type=code&client_id=<myid_2>&redirect_uri=<myurl_2>
or you can actually configure several callback URLs for one App Client by separating them by a comma.
Related
I want to know which user has signed up on my Cognito hosted UI.
I configured everything accordingly to the AWS documentation.
When opened, the UI works just fine.
As soon as it comes to the redirect to my website it appends a UUID code like this:
https://example.com/signup?code=140ac1a7-aaaa-bbbb-cccc-180bcb7c55f0
But it seems that the given code has nothing in common with the user that was just created.
Where am I missing something?
Additional info: I'm working on a java backend, so I cannot use the JS SDK
I tried to change the response_type to token instead of code but then the hosted UI redirects me to:
https://example.com/signup?#error_description=unauthorized_client&error=invalid_request
The UUID is the access code. With it u can get the access token which can provide you with the user information.
The documentation can be found here:
https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
And the request looks like this:
POST https://your-pool.auth.your-region.amazoncognito.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
client_id=your-code&
code=the-access-code&
redirect_uri=your-redirect
We have 2 domain in salesforce:
1-) https://gablesinsurancerecovery.my.salesforce.com
2-) https://gableinsurancerecovery.force.com
and we have 2 user:
developer#cloudspade.com
communitytest#cloudspade.com
developer#cloudspade.com mail work with success on 1. domain but not work on 2. domain.
Likewise, communitytest#cloudspade.com mail work with success on 2. domain but not work on 1.domain.
Its not a problem. Problem is:
2.domain is important to us. Because we have a react-native project by forcereact and we want work with community domain. ( 2. domain ). We setup with successfully this link: https://www.youtube.com/watch?v=9zxMUrayFZ8&t=1634s
We was work with perfectly with the video in the link for login.salesforce.com or 1. domain but doesn't work for 2. domain.
Error is:
error image
As seen in the photo we was see a page. But our expectation was that it would working we send redirect_uri. The redirect_uri we sent was to return "girApp://success" with an access_token and instance_url at the end. But we encounter a screen as you can see in the photo. Redirect is not working. Our goal is to access the access_token with redirection within the application after login and authorize.
Lots to unpack here.
***.my.salesforce.com is your main domain, for internal users. ***.force.com is for Customer/Partner Experience Cloud (formerly known as Communities, formerly known as Portal).
developer#cloudspade.com mail work with success on 1. domain but not
work on 2. domain
Out of the box Salesforce is perfectly fine with internal users logging in to community or even 1-click switching over from internal SF to community. Collaboration and all that. Your administrator probably marked only certain profiles / permission sets as community members, you'd need to check config. But it's possible to use the community login page, you guys just chose not to.
communitytest#cloudspade.com mail work with success on 2. domain but
not work on 1.domain
Yes. Community members must use community login page. They can't use generic login.salesforce.com, test.salesforce.com or your branded ***.my.salesforce.com
works perfectly with (...) login.salesforce.com or 1. domain but
doesn't work for 2. domain
That's because most of the time the community login url must be full. Just the domain might not be enough for login because you can have up to 100 communities under same domain. You probably saw the example when you were enabling communities (Setup -> Digital Experiences -> Settings)
Go to Setup -> Digital Experiences -> All sites and write down the url you'll see there. It'll probably be something like ***.force.com/myportal. That means that for API login you might have more luck with ***.force.com/myportal than ***.force.com.
Stop reading this answer now and go read Sitecore - How to get User ID if the user was logged in using external identity provider (Salesforce SSO). Play with that OpenId Heroku app, once you get this to work with community user in the browser - you'll know which url to put in your react app. React developer might "like" this link too: https://gablesinsurancerecovery.force.com/.well-known/openid-configuration
It's kind of written in this article's footer: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_endpoints.htm&type=5
Instead of using login.salesforce.com, you can also use the My Domain,
Experience Cloud site, or test.salesforce.com (sandbox) domain in
these endpoints. For hostname, use the My Domain, Experience Cloud
site, or custom URL
I have made an api in laravel with socialite and github and I need to log out so that the application asks me with which github account I want to log in every time.
What you are asking is how to logout from your registered user (which used Github) and destroy the oAuth session of github?
Maybe have a look at this:
laravel socialite logout issue
OK.
If you are using socialite, do check the documentation of each provider you use. Probably you should make a GET or a POST request to their service in order to log out the user.
For example, Globus.org uses this link (documentation link) in order for you to log out your users:
GET https://auth.globus.org/v2/web/logout
Clicking it will log out your user from your service.
Do note that most provider might use similar techniques.
Use POSTMAN to make such requests and experiment (especially when you are trying to register users, making calls with POSTMAN might seem helpful)
Then you are faced with the following issue:
What type of data did you store on you database? (the next bullet might help you understand what I mean)
Did you store in some way, the provider name the user used to login to your system?
If so, each provider might use a different way to log out / register a user from your Laravel project.
Currently I'm trying to access data from my shopify store through local host and I'm getting the CORS error. I realize this question has been asked but I couldn't find an answer. Also I realize that this is a bad practice since credentials are exposed. I have a local computer that for a reason (with out taking the time to explain it) needs to be able to GET data from my shopify store. This HAS to be done in javascript so I am using XMLHttpRequest like so:
var url = "https://apikey:secretkey#mystore.myshopify.com/admin/orders.json?limit=25&page=2";
this is based on this answer on SO: shopify how to get product data using php in my localhost
In the above I'm passing my apikey and secret key from an app I've setup and approved on my account. One thing I didn't do is whitelist my ip which I'm not sure if that's what would allow me to get the data. This returns a CORS error.
I've also tried this:
var url = "https://username:password#mystore.myshopify.com/admin/orders.json?limit=25&page=2";
Here I pass my username and password and I get the CORS error also.
What is a challenge is that if I'm logged into the account or not logged in when I go to my browser window I can go to this url: "https://username:password#mystore.myshopify.com/admin/orders.json?limit=25&page=2"; and the json data appears in my browser window.
Again this has to be done in javascript and it has to be done from a local computer.
The way I went about this is forget the XMLHttpRequest. To access the shopify api via my local host I used the node library provided here: https://www.npmjs.com/package/shopify-api-node
I'm marking this as the answer just in case someone in the future is attempting to do this.
I have an app that already successfully uses google oauth, but now I am trying to setup a staging deployment. It is a rails app with devise and omniauth, but I think there might be a problem with how I configured Google.
In the google api admin panel (https://code.google.com/apis/console) I can see the existing app. I created another one with a different callback url (because it is staging). Using Postman (a fancy way to edit the url parameters) I can send a get request to google with the current production client_id and redirect_url and it works fine. When I copy and paste in the new clients (staging's) client_id and redirect_url I always get the error Error: invalid_client.
I'm sure where to start with trying to the figure out the problem, but I've tried a lot of different steps, renaming the urls, changing the client secret, or recreating the client in the admin panel. Any ideas? This error is rather cryptic.
We had a temporary issue with a small set of client ids. The issue should be resolved. If you are still having problems please follow up.