ellaisys / aws-cognito
AWS Cognito package (with MFA Feature) using the AWS SDK for PHP/Laravel
Home Page: https://ellaisys.github.io/aws-cognito/
License: MIT License
I'm using the code to login with guard api provided here.
When I try to debug $cognitoClaim, it is null.
Also an error I get when debugging is
Error executing "AdminInitiateAuth" on "https://cognito-idp.us-east-1.amazonaws.com"; AWS HTTP error: cURL error 77: error setting certificate verify locations: ▶
CAfile: /Applications/MAMP/Library/OpenSSL/cert.pem\n
CApath: none (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://cognito-idp.us-east-1.amazonaws.com
Using Laravel 8, package version 1.0.0, PHP 8.0.3.
Email passed exists in the local database.
What are the reasons behind this?
Line 51 of Http/Middleware/AwsCognitoAuthenticate.php has been commented out:
#Http/Middleware/AwsCognitoAuthenticate.php
[...]
51 // $this->authenticate($request);
This is a huge security issue, as the middleware doesn't validate authentication anymore...
In Auth/AuthenticatesUsers.php, $response needs to be renamed to $claim on lines 64 and 66, or $claim renamed to $response on line 67.
if (config('cognito.add_missing_local_user_sso')) {
    $response = $this->createLocalUser($credentials);
    if ($response) {
        return $claim;
    }
} //End if
Hi guys,
First of all, thanks for your hard work.
Do you think there is any chance to have this working on Laravel 9 and Laravel Breeze/Laravel Jetstream packages?
Thanks.
User registration is working but the verification email is not sending?
I used the package and followed the steps in the documentation to register new users. Registration succeeds, but my user is not receiving the verification email. When I checked the UserPool via the console, it seems like the user's email is already verified. I think that is the reason why my user is not receiving the verification email link via email.
I have configured the UserPool for receiving the email verification link.
When I checked the package code, I found we are forcefully setting email_verified as true in the file src/AwsCognitoClient.php
//Force validate email
if ($attributes['email']) {
    $attributes['email_verified'] = 'true';
}
I doubt this is the reason why I am not receiving the verification email. I don't want any user to get automatically verified.
Any suggestions?
I'm using the web driver and have all authentication etc. set up (thanks for the library btw!)
I'd like to check some custom attributes for the logged in user in middleware, to verify what they can and can't access in the system. I can't see any way of doing that - can you point me in the right direction?
Describe the bug
Error evaluating code regarding NEW_PASSWORD_REQUIRED challenge. I believe the issue is with src/Guards/CognitoTokenGuard.php in the hasValidCredentials function, in the scenario that goes through the default break statement for the challenge name, session_token is used as the key when creating a claim but in the login function in the same class, session is expected, not session_token ($this->claim['session']).
To Reproduce
Steps to reproduce the behavior:
Expected behavior
To get a response requiring to change the password (status = NEW_PASSWORD_REQUIRED and with the corresponding session key)
Desktop (please complete the following information):
I think it's not a good idea to save the raw cleartext password in the users table. You don't need to save the password at all! It's stored and verified by AWS Cognito.
Is your feature request related to a problem? Please describe.
Laravel session cookie doesn't respect the JWT access token's expiry, unless I'm understanding/doing something wrong,
because I would like the ability to be able to use the Cognito option to close all sessions (logout all devices) and once the JWT Token expires and tries to refresh the Laravel session gets logged out.
Describe the solution you'd like
That the Laravel cookie gets adjusted to respect & use the same expiry for its cookie as the JWT
Describe alternatives you've considered
No Idea
Additional context
Laravel Cookie expires after 2 hours even with this package implemented, yet the Cognito JWT access token is set to expire in 5 minutes.
Please maybe I'm not understanding everything correctly or am missing a crucial point in how this works, any help is appreciated.
Does this library support use with Laravel Octane?
hey it's me again.
I have a frontend that generates an oauth2 token via the hosted UI of Cognito. How can I use it in the backend to authenticate the user, when I try it via the normal API guard which uses the Cognito-token driver? Every time I try to send a request the backend sends
{
"message": "Invalid Authentication Token"
}
back.
It's working when I use Cognito to generate a bearer token, but I need to use OAuth2.
Frontend and Backend are using the same ClientID and Secret. What am I doing wrong?
Route:
Route::middleware('aws-cognito')->get('/user', function () {
    return \auth()->guard('api')->user();
});
Guards:
'guards' => [
    'web' => [
        'driver' => 'cognito-session', // This line is important for using AWS Cognito as Web Driver
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'cognito-token', // This line is important for using AWS Cognito as API Driver
        'provider' => 'users',
    ],
],
Originally posted by gadget-man October 22, 2022
Hello! I've been looking to implement Cognito MFA (SMS) in my code. I've been previously using black-bits, but have just come across this repo. I can see that MFA was added in an earlier commit - however I can't see from the demo-app how it is implemented. Does anyone have any 'live' examples of how the login page of the demo app needs to be updated to catch SMS_MFA as the ChallengeName and allow the user to enter and submit the MFA code?
Any pointers in the right direction would be much appreciated!
Hi guys,
First of all great work!
Do you think there is any chance to have this working on Laravel 8 and PHP 8?
A change to composer.json deps would be enough?
Thanks
Shouldn't this be "AWS_SECRET_ACCESS_KEY"?
Line 18 in f7c9527
I'm trying to use the library to create a simple portal around a lambda API that's authenticated using Cognito access tokens, so when a user logs in I need to be able to retrieve the access token associated with the Cognito response you receive in the session guard hasValidCredentials method.
Would you be open to a pull request that made this data available either by:
Let me know what you think
Is your feature request related to a problem? Please describe.
I would like to suggest a feature—specifically when registering new Cognito users.
I am using AWS Cognito as my authentication provider. I'm able to successfully create a user within Cognito, but would like the users' sub (uuid) returned so that I can use that within my Laravel application. This way the user_id within my Laravel application matches the Username (or sub) in Cognito. FWIW, I am using laravel as an API.
Describe the solution you'd like
When calling createCognitoUser(), the aws instance is returned instead of true. For example, a sample of the response:
"Username" => "84583468-8081-7000-901f-9d3de5b6b68b"
"Attributes" => array:6 [
0 => array:2 [
"Name" => "sub"
"Value" => "84583468-8081-7000-901f-9d3de5b6b68b"
]
1 => array:2 [
"Name" => "email_verified"
"Value" => "true"
]
2 => ...
Describe alternatives you've considered
I've tried implementing the register() method, but do not wish to provide a password. I'd like Cognito to generate a temporary password just as it does when calling createCognitoUser().
Additional context
I have updated this file: vendor/ellaisys/aws-cognito/src/AwsCognitoClient.php
This is right around line #468.
Here I am returning the user that is created in Cognito. I'm also throwing an exception if the username exists.
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
...
try {
    $user = $this->client->adminCreateUser($payload);
    //Add user to the group
    if (!empty($groupname)) {
        $this->adminAddUserToGroup($username, $groupname);
    }
} catch (CognitoIdentityProviderException $e) {
    throw new BadRequestHttpException($e->getAwsErrorMessage()); // "message": "An account with the given email already exists.",
}
...
Returning the $user above is returning me the AWS Cognito user. From there, I'm able to do something like this:
$user = new User([
    'given_name' => $request->given_name,
    'family_name' => $request->family_name,
    'email' => $request->email,
    'phone_number' => $request->phone_number,
]);
$user->id = $response['User']['Username']; // 84583468-8081-7000-901f-9d3de5b6b68b
$user->save();
As a part of our cognito, we intend on using the enterprise connections. Does/Will this work with those IDP connections?
Describe the bug
As per your tutorial, upon successful token refresh we should receive instanceof AwsCognitoClaim; however, RefreshToken.php returns JSON, so the if ($claim instanceof AwsCognitoClaim) { check fails.
It seems sending the $claim object is the best replacement, and sendFailedCognitoResponse in case of error.
I have done the most basic setup of the package and Cognito and tried to register a user.
Out of the box I am getting the following error:
"message": "Error executing \"AdminCreateUser\" on \"https://cognito-idp.eu-central-1.amazonaws.com\"; AWS HTTP error: Client error: `POST https://cognito-idp.eu-central-1.amazonaws.com` resulted in a `400 Bad Request` response:\n{\"__type\":\"InvalidSignatureException\",\"message\":\"The request signature we calculated does not match the signature you pr (truncated...)\n InvalidSignatureException (client): The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. - {\"__type\":\"InvalidSignatureException\",\"message\":\"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\"}",
"exception": "Aws\\CognitoIdentityProvider\\Exception\\CognitoIdentityProviderException",
AWS_ACCESS_KEY ID and SECRET have Administrator access, just to rule out the permission issue.
Do you have any suggestions? What am I doing wrong?
I think the issue is on the Cognito side, since the SDK is throwing the error and not your package.
class RegisterController extends ApiBaseController
{
    use RegistersUsers;

    public function __invoke(Request $request)
    {
        $validator = $request->validate([
            'email' => 'required|email|max:64|unique:users',
            'password' => 'required|confirmed|min:8|max:64'
        ]);
        $collection = collect($request->all());
        $data = $collection->only('name', 'email', 'password'); //passing 'password' is optional.
        try {
            if ($cognitoRegistered = $this->createCognitoUser($data)) {
                User::create($collection->only('email'));
                return response()->json($cognitoRegistered);
            }
        } catch (InvalidUserFieldException $e) {
            dd($e);
        }
        return response()->json($cognitoRegistered);
    }
}
When accessing the changepassword() method with below request:
<?php
namespace App\Http\Controllers\Api\V1;

use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Http;
use Illuminate\Http\Request;
use Ellaisys\Cognito\Auth\ChangePasswords as CognitoChangePasswords;

class UserController extends Controller
{
    use CognitoChangePasswords;

    /**
     * Post to the Endpoint for changing a password of a User.
     */
    public function changepassword(\Illuminate\Http\Request $request)
    {
        $reset_password = $this->reset($request, 'email', 'password', 'new_password');
        return $reset_password;
    }

    public function getUser()
    {
        return response()->json(Auth::user());
    }
}
I get the following error:
{
"message": "App\\Http\\Controllers\\Api\\V1\\UserController::changepassword(): Argument #1 ($request) must be of type Illuminate\\Http\\Request, Ellaisys\\Cognito\\AwsCognitoClient given, called in C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\ellaisys\\aws-cognito\\src\\Auth\\ChangePasswords.php on line 66",
"exception": "TypeError",
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\app\\Http\\Controllers\\Api\\V1\\UserController.php",
"line": 17,
"trace": [ ... ]
}
Describe the bug
When I attempt login from Vue application frontend, nothing happens. The call response is empty, then another get request occurs. This is probably not important.
Digging into the code, I can see that the EloquentUserProvider is trying to run a DB query. I think this provider should not be in use at all.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
There should be some response. Logged in, invalid, whatever.
Desktop (please complete the following information):
Smartphone (please complete the following information):
N/A
Additional context
N/A
AuthenticateUser.php line 64 sends an (array) $credentials to CreateLocalUser
$response = $this->createLocalUser($credentials, $keyPassword);
and throws an error
Call to a member function except() on array
as on line 98 it's trying to remove password from it
$credentials->except($keyPassword)
After executing login
if ($claim = $this->attemptLogin($collection1, 'api', 'email', 'password', true)) {
    if ($claim instanceof AwsCognitoClaim) {
        return $claim->getData();
    } else {
        return response()->json(['status' => 'error', 'message' => $claim], 400);
    } //End if
} //End if
I get this output
{
    "status": "error",
    "message": {
        "headers": {},
        "original": {
            "error": "cognito.validation.auth.failed",
            "message": "Required parameter $user follows optional parameter $challenge"
        },
        "exception": null
    }
}
Describe the bug
There is a hard coded phone number in the RegisterUsers trait.
$collection['phone']='+919MASKED';
Describe the bug
The refresh method expects a validated user, but the reason to call refresh is that the token is expired (or nearing expiration).
//Get Authenticated user
$authUser = Auth::guard('api')->user();
//Get User Data
$user = $client->getUser($authUser[$paramUsername]);
$authUser will be null here, if we are using Headers guard on the API and the token is expired (But refresh token is good).
I built a mostly API-based Laravel application. There are also some other API services which are built with a serverless structure and use Cognito authorizers. Since both of the services are being used on mobile platforms, two different token structures are needed. To make it a mono structure, I have been asked to use the same Cognito token for authorization. I have read the implementation, especially for the Token system, and the following is my solution, which I believe will work better. The main reason I suggest this solution is the fact that the Cognito mobile SDKs do most of the job easily in terms of login, registration and token refreshing, vice versa.
Solution
The package already verifies the token and claims the user. However, I believe if we can add a column to User's data named sub, we can easily match the user and return the user. That's how we can use the powerful features of the User model.
Example Token Verification Payload
{
    "sub": "aaaaaaaa-bbbb-cccc-dddd-example",
    "aud": "xxxxxxxxxxxxexample",
    "email_verified": true,
    "token_use": "id",
    "auth_time": 1500009400,
    "iss": "https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_example",
    "cognito:username": "anaya",
    "exp": 1500013000,
    "given_name": "Anaya",
    "iat": 1500009400,
    "email": "[email protected]"
}
Additional context
Since the program is already in production, it is hard to make radical changes in the code. That's why what I am basically seeking is a Cognito authorizer with which I can match the verified user with already existing users using their sub. The reason I am creating this issue is that I saw that this package simply ignores sub and uses username, since it is also unique. However, I think it is important to involve the sub, which corresponds to id in our case.
I also could not understand the match mechanism of the package. From the example code
//Register User in cognito
if ($cognitoRegistered=$this->createCognitoUser($data)) {
    //If successful, create the user in local db
    User::create($collection->only('name', 'email'));
} //End if
I understand that you are matching users using their email by default. To change it, the keyUsername should be changed. Can we change it to phone_number, for example? If yes, how can we do it?
class CognitoTokenGuard extends TokenGuard
{
    /**
     * Username key
     *
     * @var \string
     */
    protected $keyUsername;
    ...
Appreciate your help and understanding.
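The proposal above (match the local user by the sub claim of a verified Cognito token) depends on the token being checked before sub is trusted. The following is an added example, not part of the original post or of the package's code: it verifies the RS256 signature, then the iss, token_use, app client and exp claims, and only then looks the user up by sub. The function names, the demo key pair, the in-memory user table and the assumption that the pool's JWKS has already been converted to PEM are all hypothetical; the claim values are the ones from the payload shown above.

```php
<?php
// Added example, not code from the ellaisys/aws-cognito package.
// Keys, pool id, client id and the user table are constructed for the demo.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $padded = strtr($txt, '-_', '+/') . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode($padded, true);
    if ($bin === false) {
        throw new RuntimeException('undecodable token');
    }
    return $bin;
}

/**
 * Return the verified claims or throw. $pemByKid maps a key id to a PEM public
 * key; it is assumed to have been built from the pool's published JWKS.
 */
function verify_cognito_token(string $jwt, array $pemByKid, string $issuer,
    string $clientId, string $tokenUse, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    $claims = json_decode(b64url_decode($p64), true);
    if (!is_array($header) || !is_array($claims)) {
        throw new RuntimeException('undecodable token');
    }
    // Pin the algorithm and key set; the token header must not choose either.
    $kid = $header['kid'] ?? null;
    if (($header['alg'] ?? null) !== 'RS256' || !is_string($kid) || !isset($pemByKid[$kid])) {
        throw new RuntimeException('unexpected alg or kid');
    }
    if (openssl_verify("$h64.$p64", b64url_decode($s64), $pemByKid[$kid], OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    if (($claims['iss'] ?? null) !== $issuer) {
        throw new RuntimeException('wrong issuer');
    }
    if (($claims['token_use'] ?? null) !== $tokenUse) {
        throw new RuntimeException('wrong token_use');
    }
    // ID tokens name the app client in "aud", access tokens in "client_id".
    $audience = $claims[$tokenUse === 'id' ? 'aud' : 'client_id'] ?? null;
    if ($audience !== $clientId) {
        throw new RuntimeException('wrong app client');
    }
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        throw new RuntimeException('expired');
    }
    if (!is_string($claims['sub'] ?? null) || $claims['sub'] === '') {
        throw new RuntimeException('missing sub');
    }
    return $claims;
}

function make_demo_token(array $claims, $privateKey, string $kid): string
{
    $head = b64url_encode(json_encode(['alg' => 'RS256', 'kid' => $kid]));
    $body = b64url_encode(json_encode($claims));
    openssl_sign("$head.$body", $sig, $privateKey, OPENSSL_ALGO_SHA256);
    return "$head.$body." . b64url_encode($sig);
}

// Constructed key pair standing in for the pool's signing key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$keys = ['demo-kid' => openssl_pkey_get_details($key)['key']];
$issuer = 'https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_example';
$clientId = 'xxxxxxxxxxxxexample';
$idClaims = ['sub' => 'aaaaaaaa-bbbb-cccc-dddd-example', 'aud' => $clientId, 'token_use' => 'id',
    'iss' => $issuer, 'iat' => 1500009400, 'exp' => 1500013000];
// Stand-in for a local lookup such as a users table with a "sub" column.
$usersBySub = ['aaaaaaaa-bbbb-cccc-dddd-example' => 'Anaya'];
$good = make_demo_token($idClaims, $key, 'demo-kid');
[$h, , $s] = explode('.', $good);
$edited = $h . '.' . b64url_encode(json_encode(['sub' => 'someone-else'] + $idClaims)) . '.' . $s;
$otherPool = make_demo_token(['iss' => 'https://example.invalid/other-pool'] + $idClaims, $key, 'demo-kid');
$cases = [
    'valid id token' => [$good, 'id', 1500010000],
    'id token where an access token is required' => [$good, 'access', 1500010000],
    'same token at its exp time' => [$good, 'id', 1500013000],
    'token issued for another pool' => [$otherPool, 'id', 1500010000],
    'payload edited after signing' => [$edited, 'id', 1500010000],
];
foreach ($cases as $label => [$jwt, $use, $at]) {
    try {
        $claims = verify_cognito_token($jwt, $keys, $issuer, $clientId, $use, $at);
        echo "$label: accepted, local user " . ($usersBySub[$claims['sub']] ?? 'not found') . "\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Only the first case is accepted and resolved to a local user; each of the others is rejected at the check its label names.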
Hi,
I set the environment like:
AWS_COGNITO_FORCE_PASSWORD_CHANGE_API=false
AWS_COGNITO_FORCE_PASSWORD_AUTO_UPDATE_API=true
but Cognito still set user status as Force change password.
Hello,
I am using this package and works like a charm, however, sometimes it throws an InvalidTokenException, and if I am running the same request, everything works alright. This happens only when the application is running on aws lambda, while on linux this error doesn't occur.
Does anyone have any idea why this would happen?
Hi,
Registration works fine, but when I try to log in I am getting the below error. Can you please guide me on whether there is anything I am missing?
{
    "status": "error",
    "message": {
        "headers": {},
        "original": {
            "error": "InvalidSignatureException",
            "message": "InvalidSignatureException"
        },
        "exception": null
    }
}
Sorry I am using your library for my project. Creating a new account is very convenient. But I have difficulty with login. I tried to fix it in many ways but they all say InvalidParameterException. Please help me. Thank you
The $keyUsername is literal at this point.
I expect the key name to be variable, as in the Guard implementation.
Hello,
Thank you for the great package! :)
I'm using it with laravel 8 app, for developing an API.
{
"status": "error",
"message": {
"session_token": "SESSION_TOKEN_HERE",
"username": "USERNAME",
"status": "NEW_PASSWORD_REQUIRED"
}
}
Then, if I try to call the user profile API endpoint (or any other API endpoint ) using the session_token from above, I'm getting this error:
{
"error": "UNAUTHORIZED_REQUEST",
"exception": "InvalidTokenException"
}
The API endpoints use the 'aws-cognito' middleware. Any ideas how to fix this? I also tried setting 'force_password_change_api' in the cognito.php config file to false, but it still adds the new users with Enabled / FORCE_CHANGE_PASSWORD status.
Thanks
Describe the bug
When you have SSO enabled and the user you are trying to log in with is not set up in the local database, after login you get JSON returned instead of being redirected to home. If you then try to log in again, you get redirected to the home page. Below is what is returned after the initial login with no local user set up:
{"email":"[email protected]","updated_at":"2023-11-21T16:37:51.000000Z","created_at":"2023-11-21T16:37:51.000000Z","id":67}
To Reproduce
Steps to reproduce the behavior:
Hi,
I've managed to create a user and get redirected to my password change form after login but I'm having a couple of issues.
'_token' => 'hKVIQyW4hEJmd7Q1Bs3QiOyfYv8gDui2wC9L1AdH',
'email' => '[email protected]',
'password' => '**********',
'password_confirmation' => '********',
This fails because the validation rules are looking for "token".
return [
'token' => 'required_without:code',
'code' => 'required_without:token',
'email' => 'required|email',
'password' => 'required|confirmed|min:8',
];
What is "token" supposed to be? Is that the temporary password that I was emailed?
Just for testing, I removed the "token" and "code" from the validation rules and then continued on to the next issue.
AwsCognitoClient::FORCE_CHANGE_PASSWORD. The if statement that runs to determine whether password should be updated does not include this constant. See below.
if (($user['UserStatus'] == AwsCognitoClient::USER_STATUS_CONFIRMED) ||
($user['UserStatus'] == AwsCognitoClient::RESET_REQUIRED_PASSWORD)) {
$response = $client->resetPassword($request[$paramToken], $request[$paramUsername], $request[$passwordNew]);
} else {
$response = false;
}
However, even if I add in a check for AwsCognitoClient::FORCE_CHANGE_PASSWORD, I still get a failed update due to the missing token.
Some guidance would be greatly appreciated. This seems like a great package and I would love to be able to use it.
Thanks,
Hey guys, I am trying to build a simple login currently. The login is based on your demo application but I always get the error "No Token Exception", Unauthorized Request... I don't know what I am doing wrong though. The registration works just fine without any errors but the login works only if I don't use the middleware or try to get the Cognito user instead of the db user for example:
Route::get('/home', function (AwsCognito $cognito) {
ddd($cognito->user());
return view('index');
});
or
Route::middleware('aws-cognito')->get('/home', function () {
//ddd($cognito->user());
return view('index');
});
Cognito Config is unedited. On my profile is a repository called finance_aws, which can be used to rebuild my application as long as you add your .env file.
Here's my code:
User.php:
<?php
namespace App\Http\Controllers;
use App\Models\User;
use Ellaisys\Cognito\Auth\AuthenticatesUsers;
use Ellaisys\Cognito\Auth\RegistersUsers;
use Ellaisys\Cognito\AwsCognitoClient;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
class UserController extends Controller
{
use RegistersUsers, AuthenticatesUsers;
public function register(Request $request, AwsCognitoClient $client): Application|RedirectResponse|Redirector|JsonResponse
{
$collection = collect($request->all());
$data = $collection->only(['email', 'username']);
try {
if ($this->createCognitoUser($data)) {
$user = new User($collection->toArray());
if(!$user->save()) {
$this->delete($collection->get('username'), $client);
}
return redirect(route('login'));
}
} catch (\Exception $e) {
return response()->json(['code' => $e->getCode(), 'msg' => $e->getMessage()]);
}
return response()->json(['status' => 'error']);
}
public function delete(String $username, AwsCognitoClient $client) {
$client->deleteUser($username);
if(User::find($username)->delete()) return response()->json(['success' => true]);
else return response()->json(['success' => false]);
}
public function getPrivateInfo(String $username, AwsCognitoClient $client) {
return $client->getUser($username);
}
}
Kernel.php:
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'aws-cognito' => \Ellaisys\Cognito\Http\Middleware\AwsCognitoAuthenticate::class
];
config/app.php:
'providers' => [
/*
* Laravel Framework Service Providers...
*/
Illuminate\Auth\AuthServiceProvider::class,
Illuminate\Broadcasting\BroadcastServiceProvider::class,
Illuminate\Bus\BusServiceProvider::class,
Illuminate\Cache\CacheServiceProvider::class,
Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
Illuminate\Cookie\CookieServiceProvider::class,
Illuminate\Database\DatabaseServiceProvider::class,
Illuminate\Encryption\EncryptionServiceProvider::class,
Illuminate\Filesystem\FilesystemServiceProvider::class,
Illuminate\Foundation\Providers\FoundationServiceProvider::class,
Illuminate\Hashing\HashServiceProvider::class,
Illuminate\Mail\MailServiceProvider::class,
Illuminate\Notifications\NotificationServiceProvider::class,
Illuminate\Pagination\PaginationServiceProvider::class,
Illuminate\Pipeline\PipelineServiceProvider::class,
Illuminate\Queue\QueueServiceProvider::class,
Illuminate\Redis\RedisServiceProvider::class,
Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
Illuminate\Session\SessionServiceProvider::class,
Illuminate\Translation\TranslationServiceProvider::class,
Illuminate\Validation\ValidationServiceProvider::class,
Illuminate\View\ViewServiceProvider::class,
/*
* Package Service Providers...
*/
/*
* Application Service Providers...
*/
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\RouteServiceProvider::class,
Barryvdh\Debugbar\ServiceProvider::class,
Aws\Laravel\AwsServiceProvider::class,
Ellaisys\Cognito\Providers\AwsCognitoServiceProvider::class,
],
'aliases' => [
'App' => Illuminate\Support\Facades\App::class,
'Arr' => Illuminate\Support\Arr::class,
'Artisan' => Illuminate\Support\Facades\Artisan::class,
'Auth' => Illuminate\Support\Facades\Auth::class,
'Blade' => Illuminate\Support\Facades\Blade::class,
'Broadcast' => Illuminate\Support\Facades\Broadcast::class,
'Bus' => Illuminate\Support\Facades\Bus::class,
'Cache' => Illuminate\Support\Facades\Cache::class,
'Config' => Illuminate\Support\Facades\Config::class,
'Cookie' => Illuminate\Support\Facades\Cookie::class,
'Crypt' => Illuminate\Support\Facades\Crypt::class,
'Date' => Illuminate\Support\Facades\Date::class,
'DB' => Illuminate\Support\Facades\DB::class,
'Eloquent' => Illuminate\Database\Eloquent\Model::class,
'Event' => Illuminate\Support\Facades\Event::class,
'File' => Illuminate\Support\Facades\File::class,
'Gate' => Illuminate\Support\Facades\Gate::class,
'Hash' => Illuminate\Support\Facades\Hash::class,
'Http' => Illuminate\Support\Facades\Http::class,
'Js' => Illuminate\Support\Js::class,
'Lang' => Illuminate\Support\Facades\Lang::class,
'Log' => Illuminate\Support\Facades\Log::class,
'Mail' => Illuminate\Support\Facades\Mail::class,
'Notification' => Illuminate\Support\Facades\Notification::class,
'Password' => Illuminate\Support\Facades\Password::class,
'Queue' => Illuminate\Support\Facades\Queue::class,
'RateLimiter' => Illuminate\Support\Facades\RateLimiter::class,
'Redirect' => Illuminate\Support\Facades\Redirect::class,
// 'Redis' => Illuminate\Support\Facades\Redis::class,
'Request' => Illuminate\Support\Facades\Request::class,
'Response' => Illuminate\Support\Facades\Response::class,
'Route' => Illuminate\Support\Facades\Route::class,
'Schema' => Illuminate\Support\Facades\Schema::class,
'Session' => Illuminate\Support\Facades\Session::class,
'Storage' => Illuminate\Support\Facades\Storage::class,
'Str' => Illuminate\Support\Str::class,
'URL' => Illuminate\Support\Facades\URL::class,
'Validator' => Illuminate\Support\Facades\Validator::class,
'View' => Illuminate\Support\Facades\View::class,
'Debugbar' => Barryvdh\Debugbar\Facades\Debugbar::class,
'AWS' => Aws\Laravel\AwsFacade::class,
],
LoginController:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
//use Illuminate\Foundation\Auth\AuthenticatesUsers; //Removed for AWS Cognito
use Ellaisys\Cognito\Auth\AuthenticatesUsers;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
//Added for AWS Cognito
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/';
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* Authenticate User
*
* @throws \HttpException
*
* @return mixed
*/
public function login(\Illuminate\Http\Request $request)
{
try {
//Convert request to collection
$collection = collect($request->all());
//Authenticate with Cognito Package Trait (with 'web' as the auth guard)
if ($response = $this->attemptLogin($collection, 'web')) {
if ($response===true) {
$request->session()->regenerate();
return redirect(route('home'))->with('success', true);
} else if ($response===false) {
// If the login attempt was unsuccessful you may increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
//
//$this->incrementLoginAttempts($request);
//
//$this->sendFailedLoginResponse($collection, null);
} else {
return $response;
} //End if
} //End if
} catch(\Exception $e) {
//Fully qualified names: Exception and Log are not imported in this namespace
\Log::error($e->getMessage());
return redirect()->back()->withInput();
} //Try-catch ends
} //Function ends
public function logout(Request $request): Redirector|Application|RedirectResponse
{
auth()->guard('web')->logout();
if($request->getSession()->invalidate()) {
return redirect(route('app.index'))->with('success', true);
} else {
return redirect(route('app.index'))->with('success', false);
}
}
} //Class ends
WebRoutes:
<?php
use App\Http\Controllers\AuthController;
use App\Http\Controllers\UserController;
use Ellaisys\Cognito\AwsCognito;
use Ellaisys\Cognito\AwsCognitoClient;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/
Route::middleware('web')->get('/', function (AuthController $controller, AwsCognito $cognito, Request $request) {
$request->session()->start();
return view('index');
})->name('app.index');
Route::middleware('aws-cognito')->get('/home', function (AuthController $controller, AwsCognito $cognito) {
//ddd($cognito->user());
return view('index');
});
Route::middleware('aws-cognito')->get('/privacy', function () {
return view('privacy');
})->name('privacy');
Route::middleware('aws-cognito')->get('/impress', function () {
return view('impress');
})->name('impress');
Auth::routes();
Route::get('/login', function () {
return view('auth.login');
})->name('login');
Route::middleware('aws-cognito')->post('/password/change', function (Request $request, AuthController $controller) {
return $controller->changePassword($request);
})->name('cognito.action.change.password');
Route::middleware('aws-cognito')->get('/password/change', function () {
return view('auth.passwords.change');
})->name('cognito.form.change.password');
Route::get('/register', function () {
return view('auth.register');
})->name('user.register');
Route::post('/register', function (Request $request, UserController $controller, AwsCognitoClient $client) {
return $controller->register($request, $client);
});
ChangePasswordController:
<?php
namespace App\Http\Controllers\Auth;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Support\Facades\Validator;
use Ellaisys\Cognito\Auth\ChangePasswords as CognitoChangePasswords; //Added for AWS Cognito
use Exception;
use Illuminate\Validation\ValidationException;
use Ellaisys\Cognito\Exceptions\AwsCognitoException;
use Ellaisys\Cognito\Exceptions\NoLocalUserException;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException;
class ChangePasswordController extends Controller
{
/*
|--------------------------------------------------------------------------
| Confirm Password Controller
|--------------------------------------------------------------------------
|
| This controller is responsible for handling password confirmations and
| uses a simple trait to include the behavior. You're free to explore
| this trait and override any functions that require customization.
|
*/
use CognitoChangePasswords;
/**
* Where to redirect users when the intended url fails.
*
* @var string
*/
protected $redirectTo = '/';
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('auth');
}
/**
* Action to update the user password
*
* @param \Illuminate\Http\Request $request
*/
public function actionChangePassword(Request $request)
{
try
{
//Validate request
$validator = Validator::make($request->all(), [
'email' => 'required|email',
'password' => 'string|min:8',
'new_password' => 'required|confirmed|min:8',
]);
$validator->validate();
// Get Current User
$userCurrent = auth()->guard('web')->user();
if ($this->reset($request)) {
auth()->guard()->logout();
$request->session()->invalidate();
return redirect(route('login'))->with('success', true);
} else {
return redirect()->back()
->with('status', 'error')
->with('message', 'Password updated failed');
} //End if
} catch(Exception $e) {
$message = 'Error sending the reset mail.';
if ($e instanceof ValidationException) {
$message = $e->errors();
} else if ($e instanceof CognitoIdentityProviderException) {
$message = $e->getAwsErrorMessage();
} else {
//Do nothing
} //End if
return redirect()->back()
->with('status', 'error')
->with('message', $message);
} //Try-catch ends
}
}
When I am trying this Laravel module, I found that the config file name is config/config.php instead of config/cognito.php.
Your README.md also refers to the config file as cognito.php, but it is called config.php in the config directory.
And it seems that there is no CLI command to generate such config file.
Would you please take a look? Thank you very much.
Describe the bug
I'm using this as an API.
Like I said in the title, when I register a new user, the first login I made in my app to the attemptLogin function returns false instead of the array with tokens. Only the first try after new registration.
To fix the issue I've done this:
$claim = $this->attemptLogin($collection, 'api', 'email', 'password', true);
if($claim === false) $claim = $this->attemptLogin($collection, 'api', 'email', 'password', true);
The false is returned by Auth::guard($guard)->attempt($credentials, $rememberMe); in Ellaisys\Cognito\Auth\AuthenticatesUsers.php
Thank you,
Christophe
Describe the bug
In the documentation for refresh token, it is telling us to check if the $claim is an AwsCognitoClaim. However, in RefreshToken.php line 97, the refresh function is returning an array through this line of code:
return $claim->getData();
This returns an array instead of the instance of AwsCognitoClaim.
To Reproduce
Try out the code provided in the documentation using postman.
Expected behavior
The refresh() function should return the $claim instead of $claim->getData().
Screenshots
N/A
Desktop (please complete the following information):
N/A
Smartphone (please complete the following information):
N/A
Additional context
None.
Describe the bug
On line 143 of aws-cognito/config/cognito.php you have the following
'sso_user_model' => env('AWS_COGNITO_USER_MODEL', 'App\User'),
when it should be
'sso_user_model' => env('AWS_COGNITO_USER_MODEL', 'App\Models\User'),
Describe the bug
The anonymous migrations are compatible since laravel 8.37: https://laravel-news.com/laravel-anonymous-migrations
Fetch Password Policy from Cognito and validate the request accordingly for change password and reset password functionality.
Using this package are you able to use different identity providers (Google, Apple)? I might be blind but I'm not seeing anything in the docs.
Best Regards,
Jovan
Hi,
We have feature tests that send requests to the API on behalf of a user to make sure our controllers behave appropriately. We previously used the actingAs method; now that we're using Cognito, the validation is made on the AWS side.
Is there something that exists that could help me within this package or should I implement a mechanic to handle authentication with a real user?
Thank you
Is your feature request related to a problem? Please describe.
When using Laravel for just an API we cannot use the hosted Cognito login screen, since the guard only checks for tokens it generates and does not actually verify or validate the JWT token itself.
Describe the solution you'd like
An additional guard which validates the access token and verifies its signature against the public key available at the well known URL. You could then cache the well known certificate for a period of time and even cache the access token for a period of time to prevent the crypto operations every request.
Describe alternatives you've considered
We have considered using this for our registration component to create the users and then writing our own Guard for the validation, but I think this fits in this package.
An alternative would be to use Auth0 or Okta which provide libraries for this very purpose.
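The guard proposed in this feature request reduces to the check sketched here as an added example in plain PHP with ext-openssl; it is not code from the ellaisys/aws-cognito package. The function names, pool id, client id and the throwaway key pair are assumptions, and a real guard would fetch the JWKS from the pool's `/.well-known/jwks.json` URL and cache it.

```php
<?php
// Added example. Function names, the pool id and the client id are hypothetical.
function b64urlDecode(string $s): string {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true) ?: '';
}
function b64urlEncode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
// Minimal DER encoder: tag, length, body.
function der(int $tag, string $body): string {
    $n = strlen($body);
    $len = chr($n);
    if ($n >= 0x80) { $b = ltrim(pack('N', $n), "\x00"); $len = chr(0x80 | strlen($b)) . $b; }
    return chr($tag) . $len . $body;
}
function derUint(string $bytes): string {
    $bytes = ltrim($bytes, "\x00");
    if ($bytes === '' || ord($bytes[0]) & 0x80) $bytes = "\x00" . $bytes; // keep the INTEGER positive
    return der(0x02, $bytes);
}
// Turn an RSA JWK (n, e) into a SubjectPublicKeyInfo PEM that ext-openssl accepts.
function jwkToPem(array $jwk): string {
    $rsa = der(0x30, derUint(b64urlDecode($jwk['n'])) . derUint(b64urlDecode($jwk['e'])));
    $alg = der(0x30, "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00"); // rsaEncryption, NULL
    $spki = base64_encode(der(0x30, $alg . der(0x03, "\x00" . $rsa)));
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split($spki, 64, "\n") . "-----END PUBLIC KEY-----\n";
}
// $jwks is the decoded JWKS document; the caller fetches and caches it.
function verifyAccessToken(string $jwt, array $jwks, string $issuer, string $clientId, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64urlDecode($h64), true);
    $claims = json_decode(b64urlDecode($p64), true);
    if (!is_array($header) || !is_array($claims)) throw new RuntimeException('malformed token');
    // Pin the algorithm; never let the token header choose it.
    if (($header['alg'] ?? '') !== 'RS256') throw new RuntimeException('unexpected alg');
    $jwk = null;
    foreach ($jwks['keys'] ?? [] as $k) {
        $match = ($k['kid'] ?? null) === ($header['kid'] ?? '') && ($k['kty'] ?? '') === 'RSA';
        if ($match && isset($k['n'], $k['e'])) $jwk = $k;
    }
    // On an unknown kid the caller can refresh its cached JWKS once and retry (key rotation).
    if ($jwk === null) throw new RuntimeException('unknown kid');
    $ok = openssl_verify("$h64.$p64", b64urlDecode($s64), jwkToPem($jwk), OPENSSL_ALGO_SHA256);
    if ($ok !== 1) throw new RuntimeException('bad signature');
    if (($claims['iss'] ?? '') !== $issuer) throw new RuntimeException('wrong issuer');
    if (($claims['token_use'] ?? '') !== 'access') throw new RuntimeException('not an access token');
    if (($claims['client_id'] ?? '') !== $clientId) throw new RuntimeException('wrong app client');
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) throw new RuntimeException('expired');
    return $claims;
}
// Constructed demo: a throwaway key pair stands in for the user pool's signing key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$rsa = openssl_pkey_get_details($key)['rsa'];
$jwks = ['keys' => [['kty' => 'RSA', 'kid' => 'demo-kid', 'alg' => 'RS256',
    'n' => b64urlEncode($rsa['n']), 'e' => b64urlEncode($rsa['e'])]]];
$iss = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE'; // placeholder pool id
$mint = function (array $claims, string $alg = 'RS256') use ($key): string {
    $in = b64urlEncode(json_encode(['alg' => $alg, 'kid' => 'demo-kid'])) . '.' . b64urlEncode(json_encode($claims));
    openssl_sign($in, $sig, $key, OPENSSL_ALGO_SHA256);
    return $in . '.' . b64urlEncode($sig);
};
$good = ['iss' => $iss, 'token_use' => 'access', 'client_id' => 'demo-client', 'exp' => time() + 300, 'sub' => 'u-1'];
$cases = ['valid' => $mint($good), 'id token' => $mint(['token_use' => 'id'] + $good),
    'expired' => $mint(['exp' => time() - 1] + $good), 'alg none' => $mint($good, 'none'),
    'tampered' => substr($mint($good), 0, -4) . 'AAAA'];
foreach ($cases as $name => $jwt) {
    try { verifyAccessToken($jwt, $jwks, $iss, 'demo-client', time()); echo "$name: accepted\n"; }
    catch (RuntimeException $e) { echo "$name: rejected ({$e->getMessage()})\n"; }
}
```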
In my application an admin is able to sign out a user from the app after the admin changed the user roles or access levels to some data. This is so that the user will have to pass the sign-in flow to get the new roles and permissions.
The official documentation describes the method AdminUserGlobalSignOut; it allows us to force a user logout without using his access token.
But I didn't find a way to do it using the package, only signOut(), which requires the user access token.
/**
* Revoke the access-token from AWS Cognito in a user pool.
*
* @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#globalsignout
*
* @param string $accessToken
* @return bool
*/
public function signOut(string $accessToken)
{
try {
$this->client->globalSignOut([
'AccessToken' => $accessToken
]);
} catch (CognitoIdentityProviderException $e) {
if ($e->getAwsErrorCode() === self::COGNITO_NOT_AUTHORIZED_ERROR) {
return true;
} //End if
throw $e;
} catch (Exception $e) {
throw $e;
} //Try-catch ends
return true;
} //Function ends
Is there a way to do a user logout on behalf of an admin?
Hi!
I see you have reverted all changes from my pull request. Also, I see that you have merged all my forked repository along with unnecessary changes. But I can send you a clean pull request treesome only necessary commits.