-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
503 ERROR due lambda timeout after tokens are fetched #86
Comments
I did some debugging afger forking the repo and adding logs everywhere, and found that the lambda was timing out here Line 279 in e8c7e30
|
+1 I have the same issue but only when authenticating with refresh tokens. Edit: jk mine is more of an infinite redirect issue |
You need to set your config with: "cookiePath": "/" to fix your redirect issue |
Yep, found the other issue. Thanks! |
Now I'm experiencing this after resolving the other issue. Still +1
This seems to be happening only when refresh tokens are fetched and in regions that are further out (APAC / South America) because of the axios call to cognito in the set region. Is there any way we can do this with redirects instead? @maverick089 as the contributor of refresh tokens |
Not sure if these would address the 5 second time out issue:
process.env['AWS_NODEJS_CONNECTION_REUSE_ENABLED'] = '1'; |
Increasing the timeout worked for me... for now. Lambda@edge doesn't support timeouts > 5 seconds though. Also doesn't support env vars |
That's right, it does not support Lambda environment variables but you can manually set it with below if I am not mistaken. Cold start might also contribute to the issue.
|
Can give it a shot. Though I think that it's mostly because of region distance. An edge function in Singapore is making a call to Cognito in Oregon |
Hey guys, I was having the same issue, and thankfully I was able to come across this issue and resolve the problem with what @mishabruml has suggested, thanks 🙏 . |
Sweet, thanks for the info! |
Ops, actually it didn't help, I tested it wrong. I understand the issue on my end a bit better, and turns out I have the same problem as you @ckifer. When a token is expired it has to verify the token, then verify the refresh token and then fetch the new token - process seems to take longer than 5s time limit when cognito and cloudfront locations are far apart. I still have the timeout increased for the |
No resolution here no. Luckily I don't have too many users that are far away, but still would like to find a better solution. |
I had the same issue too and so far this worked for me, or maybe I just haven't tested it properly. |
Anyway, as a band-aid solution we decided to forgo the use of refresh tokens when a user is accessing outside of our region (australia) Changed this line in handle(event) function |
That's actually a solid workaround, nice! |
I think it needs to be inside the handler, at least that's how I configured it. |
@manu-remsense Is this you modifying the cognito-at-edge code? Wish there was a config item for that... |
Ohh I see, I should give it a try 🤔 @ckifer yes that's the only way as far as I know, I can make a PR later when I have time on the weekend (but not sure how useful it would be to people). |
Got it. I can just use patch-package for now. Since this is an issue I believe being able to conditionally turn off the use of refresh tokens should be useful to more than just two of us |
What happened:
My cloudfront dist redirects me to the cognito login UI and I successfully auth. After that, I get directed to the cloudfront 503 error page rather than my s3 static content:
The logs in my lambda@edge appear to show the initial invocation successfully recirecting the user to the UI page:
logs
Then after entering my login credentials, after 5s I am presented with the 503 screen in the browser. The lambda appears to time out after fetching the tokens.
logs
The text was updated successfully, but these errors were encountered: