I've configured Vault with the OIDC auth method using AWS Cognito as the provider. The login fails at the very end of the flow, when the popup window is trying to post back the auth code message to the parent window. I believe this is due to the same reason as described in #18648, i.e. when redirected to the Cognito login portal, it sets `Cross-Origin-Opener-Policy: same-origin`, which prevents posting messages across windows.

To Reproduce

1. Configure the OIDC auth method using AWS Cognito as the provider. It's pretty generic: all required claims are included in the JWT, and it is supposed to work even with external group mapping.
2. Try to log in with OIDC from the web UI.
3. Get the error `Cannot read properties of null (reading 'postMessage')`, which can be traced back here.

Screen recording is below:
Screen.Recording.2024-04-22.at.17.07.39.mov

Environment:

- Vault Server Version (retrieve with `vault status`): 1.16.1
- Vault CLI Version (retrieve with `vault version`): 1.16.1 (6b5986790d7748100de77f7f127119c4a0f78946), built 2024-04-03T12:35:53Z
- Server Operating System/Architecture: Debian 12 (bookworm), Linux 6.6.20

Additional context

Logging in from the CLI (`vault login -method=oidc -path=cognito`) is working fine.
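As an added example (not Vault's own UI code), here is how a popup-based OIDC callback page can handle the failure mode reported above: when the IdP responds with `Cross-Origin-Opener-Policy: same-origin`, the browser moves the popup into a new browsing-context group and severs its link to the opener, so by the time the IdP redirects back to the callback URL `window.opener` is null and the naive `window.opener.postMessage(...)` throws exactly the error in the report. The `win` parameter, the callback URL, the `oidc-auth` channel name and the target origin are assumptions for illustration, not values taken from Vault.

```javascript
// Added example, not part of Vault. The `win` object stands in for the
// popup's `window` so the logic can be exercised outside a browser; in a
// real callback page you would call deliverAuthResult(window, ...).

// Parse `code` and `state` from the callback URL.
// Returns null if either is missing so the caller never posts a partial result.
function parseCallback(url) {
  const params = new URL(url).searchParams;
  const code = params.get('code');
  const state = params.get('state');
  if (!code || !state) return null;
  return { code, state };
}

// Hand the auth result back to the page that opened the popup.
// Returns what happened so the caller (and a test) can inspect it.
function deliverAuthResult(win, result, targetOrigin) {
  const msg = { source: 'oidc-callback', ...result };

  // Normal path: the opener is still reachable. Always pass an explicit
  // targetOrigin so the auth code is never posted to an unexpected origin.
  if (win.opener && typeof win.opener.postMessage === 'function') {
    win.opener.postMessage(msg, targetOrigin);
    return { delivered: true, via: 'postMessage' };
  }

  // COOP case: the opener link was severed, so window.opener is null.
  // A BroadcastChannel is scoped to the same origin and needs no opener
  // reference; the parent page must listen on the same channel name.
  if (typeof win.BroadcastChannel === 'function') {
    const ch = new win.BroadcastChannel('oidc-auth');
    ch.postMessage(msg);
    ch.close();
    return { delivered: true, via: 'BroadcastChannel' };
  }

  // Surface an actionable error instead of a null dereference.
  return {
    delivered: false,
    reason: 'window.opener is null (COOP: same-origin) and no fallback channel',
  };
}
```

The parent page listens with `new BroadcastChannel('oidc-auth').onmessage` in addition to its `message` event handler, and should verify the returned `state` against the one it generated before exchanging the code.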
alkersan changed the title from "OIDC flow can't complete with AWS Cognito" to "OIDC login flow can't complete with AWS Cognito" on Apr 23, 2024.