Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(cognito): user pool client logout urls #10301

Merged
merged 4 commits into from
Sep 16, 2020
Merged

feat(cognito): user pool client logout urls #10301

merged 4 commits into from
Sep 16, 2020

Conversation

tneely
Copy link
Contributor

@tneely tneely commented Sep 11, 2020
edited by nija-at
Loading

Support Logout URLs in UserPoolClient.

This is a pretty minimal change to just allow the property to be set.

fixes: #10225

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@lielran
Copy link

lielran commented Sep 13, 2020

Great stuff! Thanks @tneely

nija-at
nija-at suggested changes Sep 14, 2020
View reviewed changes
packages/@aws-cdk/aws-cognito/lib/user-pool-client.ts
* List of allowed logout URLs for the identity providers.
* @default - no logout URLs
*/
readonly logoutUrls?: string[];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason you've added it within OAuthSettings? AFAICT from the documentation, this isn't related to OAuth.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Callback url and Logout urls are part of the oAuth configuration.

the settings in the UI is under App client settings (title "What identity providers and OAuth 2.0 settings should be used for your app clients".

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

worth mention that CFN user pool clients is flat. but here in CDK I see a structure by oAuth.
anyhow, logoutUrls should be besides callbarckIUrls that currently inside the oAuth object.

@nija-at nija-at changed the title feat(cognito): Support Logout URLs in UserPoolClient feat(cognito): user pool client logout url Sep 14, 2020
nija-at
nija-at previously requested changes Sep 14, 2020
View reviewed changes
Copy link
Contributor

@nija-at nija-at left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can make this more inline with the callbackUrls behavior, but I'm
not sure what the intent is behind that logic. Is it needed for the CFn
template to deploy correctly, or are we trying to nudge users towards
using the property because without it you won't be able to sign in/out
properly?

I don't recall which one it was, in this case, but likely so that the template
deploys correctly. In general, in the CDK, we try our best to do both - let
users produce a correct template and guide them towards the correct use
of properties so that the Cognito app is set up correctly.

Could you deploy a cdk app with this value set and report back?

@tneely
Copy link
Contributor Author

tneely commented Sep 15, 2020

I tried deploying the following resource with and without CallbackURLs and LogoutURLs. The template deploys just fine without LogoutURLs, but gives the following error when CallbackURLs is missing: CallbackUrls can not be empty when code flow or implicit flow is selected 

"AuthenticationUserPoolUserPoolClient8AE1704E": {
      "Type": "AWS::Cognito::UserPoolClient",
      "Properties": {
        "UserPoolId": {
          "Ref": "AuthenticationUserPool28698864"
        },
        "AllowedOAuthFlows": ["implicit", "code"],
        "AllowedOAuthFlowsUserPoolClient": true,
        "AllowedOAuthScopes": [
          "profile",
          "phone",
          "email",
          "openid",
          "aws.cognito.signin.user.admin"
        ],
        "CallbackURLs": ["https://www.example.com"],
        "LogoutURLs": ["https://www.example.com"],
        "SupportedIdentityProviders": ["COGNITO"]
      }
    }
  }

@mergify mergify bot dismissed nija-at’s stale review September 15, 2020 03:23

Pull request has been modified.

@nija-at nija-at changed the title feat(cognito): user pool client logout url feat(cognito): user pool client logout urls Sep 16, 2020
@mergify
Copy link
Contributor

mergify bot commented Sep 16, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 09230d4
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Sep 16, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 5111837 into aws:master Sep 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lielran lielran lielran left review comments

@nija-at nija-at nija-at approved these changes

Assignees

@nija-at nija-at

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[aws-cognito] add logout url parameter
4 participants
@tneely @lielran @aws-cdk-automation @nija-at