Is it possible to set a custom favicon to the AWS Cognito hosted UI?
I am aware that the Cognito web interface offers a number of CSS customizations, but favicon was not among them.
I don't think so. https://forums.aws.amazon.com/thread.jspa?threadID=283090
Interestingly, when you do a re-direct from your site that has a favicon to your Cognito UI page for authentication then Chrome seems to carry your favicon over to the Cognito page and displays the icon in the tab. That only seems to work once you have gone through the authentication at least once. It does not work for other browsers. Maybe it is a bug in Chrome.
Related
So I am working on a project, the frontend is on Next.JS hosted on vercel, the backend is on Express.JS hosted on heroku.
I am using express-session along with passport JS to store the sessions.
On the frontend I am using axios for the HTTP calls. The cookie for the session is being saved on Chrome, but on Safari it is not being saved. I have gone through multiple StackOverflow posts but none worked. Safari is receiving the cookie in the header but it is not saving the cookie.
Here is my cors configuration on express
What can be the issue here?
Alright, it turns out the reason for this happening is because Safari doesn't allow cross-domain cookies. So, the only true way to resolve this is by hosting the backend and frontend on different subdomains of the same domain.
In case you can't deploy them within the same domain, you can turn off the Prevent Cross-Site Tracking in the Safari settings (both mobile and browser) to make it work with 3rd party domain cookies.
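The same-domain point in the answer above, as an added example that is not part of the original post: it compares the registrable domain of the page and of the API to tell whether the session cookie is third-party. The hostnames, the reduced public-suffix set and the function names `registrableDomain` and `cookieContext` are assumptions made for illustration.

```javascript
// Added illustration; hostnames below are constructed, not the poster's.
// Assumption: a hand-picked subset of the Public Suffix List. Production
// code should consult the full list.
const PUBLIC_SUFFIXES = new Set(["com", "app", "vercel.app", "herokuapp.com"]);

// Registrable domain = longest matching public suffix plus one more label.
// Returns null when the host is itself a suffix or the suffix is unknown.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// Classify the session cookie the API sets when called from the page.
function cookieContext(pageUrl, apiUrl) {
  const page = new URL(pageUrl);
  const api = new URL(apiUrl);
  const pageSite = registrableDomain(page.hostname);
  const apiSite = registrableDomain(api.hostname);
  const sameSite =
    pageSite !== null && pageSite === apiSite && page.protocol === api.protocol;
  return {
    pageSite,
    apiSite,
    thirdParty: !sameSite,
    // Cross-site cookies need SameSite=None; Secure to be sent at all by
    // Chrome; Safari's Prevent Cross-Site Tracking drops them regardless.
    cookie: {
      httpOnly: true,
      secure: true,
      sameSite: sameSite ? "lax" : "none",
    },
  };
}

// Split hosting (as in the question) versus subdomains of one domain.
const split = cookieContext("https://shop-demo.vercel.app", "https://shop-api-demo.herokuapp.com");
const shared = cookieContext("https://app.example.com", "https://api.example.com");
console.log(split.thirdParty, shared.thirdParty);
```

Because `vercel.app` and `herokuapp.com` are themselves public suffixes, every deployment under them is its own site, which is why only a shared custom domain makes the cookie first-party.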
Background:
We have developed a Chrome extension with AWS backend, where AWS Cognito handles user authentication. Users can sign in from the extension popup.
We also built a mostly static website, where only some guides and information about the extension are presented to the public. No login is required here.
Everything works fine.
What we need to do now:
We're adding a new feature to the system that would require a small minority of our users to login to the website too. So, for this small group of users, we'd need the website to sync up with the extension so that the login session is the same between the site and the extension.
I'm aware that I can make all users sign in from the website instead of the extension popup, and then use a session cookie to be read by the extension. But I'd prefer not to implement this approach as the vast majority of users won't have anything to do with the website, and we don't want to redirect them there just to sign in.
So, my question is: is there any elegant way to have the website and the chrome extension sync up on the user login session, given that all users use the extension to login first?
Of course, this is how multiple tabs for the same website work. It's called session management and most authN providers support this out of the box. If your extension is using an authentication provider, it is likely providing session management as well. Then just reuse that in the website.
I've implemented a simple OAuth2 for Authentication login system that is working reliably on my dev server using a localhost redirect uri.
When testing from a production server, with updated redirect uri, the Google account permission interface opens up for the user logging in. After authorizing account access, the browser just hangs on "Waiting for accounts.google.com..." and doesn't go anywhere. At this point, I can see that the application has been granted access to my profile by viewing account permissions on my Google account dashboard.
If I change the redirect uri to an invalid one, I do get the invalid redirect uri Google error message back, so it looks like the redirection cannot reach my redirect uri. I can reach the redirect uri directly through a browser though. Any pointers?
Had a similar problem trying to create a "Login with Google" App. Since this was my first Google App, and I was also just first using the social networking setups in the software package which I bought BEFORE the Google API had changed, I was at a complete loss as where to start.
It finally dawned on me to redirect Google (via the App settings in the developer console) to a test web page on my site (instead of the page defined by the software package), and all worked as expected, meaning Google redirected properly to the test page (which was actually just my root index.php). This told me that because the Google API had changed, my software package functionality was obsolete, and I needed to explore the code there.
I have a mvc4 web app that sits behind ADFS 2.0 authentication, it's configured using the web.config file. The application can be visited by going directly to a URL or as an iframe inside of CRM 2013.
The application works in all (tested) browsers when visiting the URL directly, both redirection to login form and handing the user back to the web app with the proper information in the ClaimsIdentity.
However, when visiting the app as an iframe inside CRM2013, Internet Explorer goes into a continuous login loop. You are asked to provide the credentials (which are the same as for logging in to CRM) and when you click ok you get redirected back to the same login page again; to my knowledge the app never receives the hand off.
In Safari, Chrome, Firefox, and Opera the users are able to log into the application inside of CRM as well as outside without any problems (I'd even go as far as saying that it works better than expected for these browsers).
Does anyone have any idea of what I can try or what the problem could be for IE?
EDIT 1
I'm thinking it has to do with some security setting and am playing around with the settings in IE. Unchecking this box stops the login form from showing in IE at all and I get an empty page instead.
Is the iFrame on the same (sub)domain as the site inside? You can use Fiddler to view your redirect flow, are the cookies added as expected?
I've seen cookies that are overridden by the iFrame host, in that case you lose the auth cookie. Browsers react differently on same domain cookies.
Another problem might be X-Frame-Options, do you see any warning in the F12 console of IE?
I have apache authentication set up on a wordpress multi site instance, it works fine in firefox and chrome, you type in the username/pass once and then you can happily visit any page on the site. Unfortunately this is not the behavior in safari. Every time you go to another page, you must re-enter your credentials.
Is there some way I can look at the security exceptions for safari and set it to always trust the certificate or find some other setting to not ask for authentication on each page?