You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please include any relevant guides or documentation you're referencing
No response
Describe the feature request
Amplify Auth social sign-in operations e.g. signinWithSocialWebUI to support passing custom HTTP headers or parameters, In this use case, the custom HTTP headers are need since the OAuth/HostedUI provider endpoints are proxied via 3rd party service Akamai which implement bot protection that works by requiring a custom header "x-acf-sensor-data" to be included with the request. It appears the initial request (/authorize) seems to work fine, however it seems request to /token are blocked since the custom header is not present.
Initialization steps (if applicable)
No response
Code Snippet
// Put your code below this line.
amplifyconfiguration.json
No response
GraphQL Schema
// Putyourschema below this line
Additional information and screenshots
No response
The text was updated successfully, but these errors were encountered:
We will have to further investigate the approach. I'm not sure this custom header will be allowed by the Custom Tab as it is not on the approved list of headers.
{domain}/oauth2/token to exchange the token for AWSCredentials. If we were able to build out the options for signInWithWebUI to allow custom headers, it would be feasible to add the headers to this request as well.
When refreshing tokens, Amplify will directly hit Cognito endpoints using the Kotlin SDK. There is no mechanism to inject custom headers into these requests, nor change the endpoint.
I'm not sure how the first /authorize call would work, unless the cutomer is able to get the cookie by completing a captcha through the CustomTab. However, whatever cookies that are granted while inside of the custom tab will not be available to the client application to make the subsequent token call.
A potential solution would require the cookie header to be present at the initial signInWithWebUI method call.
Before opening, please confirm:
Language and Async Model
Not applicable
Amplify Categories
Authentication
Gradle script dependencies
// Put output below this line
Environment information
Please include any relevant guides or documentation you're referencing
No response
Describe the feature request
Amplify Auth social sign-in operations e.g. signinWithSocialWebUI to support passing custom HTTP headers or parameters, In this use case, the custom HTTP headers are need since the OAuth/HostedUI provider endpoints are proxied via 3rd party service Akamai which implement bot protection that works by requiring a custom header "x-acf-sensor-data" to be included with the request. It appears the initial request (/authorize) seems to work fine, however it seems request to /token are blocked since the custom header is not present.
Initialization steps (if applicable)
No response
Code Snippet
// Put your code below this line.
amplifyconfiguration.json
No response
GraphQL Schema
Additional information and screenshots
No response
The text was updated successfully, but these errors were encountered: