allow customisation of the JWT fetcher #88

Open
wants to merge 2 commits into
base: main

mishabruml

Issue #86

Description of changes:

Allows customisation of the JWT fetcher. Mainly desired so that the 1500ms default responseTimeout can be increased to 5000ms, which has been the source of this issue #86. I have forked this repo and deployed the changes with a 5000ms timeout to my lambda@edge and now the cognito flow and redirection works as expected, whereas previously I was getting timeout errors, the source of which was verifying the JWT.

It's effectively just allowing this: https://github.com/awslabs/aws-jwt-verify#configuring-the-jwks-response-timeout-and-other-http-options-with-jsonfetcher

Some related issues that I found useful: awslabs/aws-jwt-verify#133 and in particular awslabs/aws-jwt-verify#72

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@mishabruml
Author

Actually, I've discovered that this is ineffective at passing down the responseTimeout configuration when used like

new Authenticator({
  region: 'foo',
  userPoolAppId: 'bar',
  userPoolDomain: 'fizz',
  userPoolId: 'buzz',
  jwtVerifierFetcherRequestOptions: {
    responseTimeout: 5000,
  },
});

I was still getting timeout logs in Lambda, and the occasional one like this:

{
    "errorType": "Error",
    "errorMessage": "Failed to fetch https://cognito-idp.*****.amazonaws.com/*********/.well-known/jwks.json: Response time-out (after 1500 ms.)",
    "stack": [
        "Error: Failed to fetch https://cognito-idp.****.amazonaws.com/*******/.well-known/jwks.json: Response time-out (after 1500 ms.)",
        "    at Timeout.<anonymous> (/var/task/index.js:1:4107)",
        "    at listOnTimeout (node:internal/timers:573:17)",
        "    at process.processTimers (node:internal/timers:514:7)"
    ]
}

Note the 1500ms timeout in the above log
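
One way to confirm from logs which response timeout was actually in effect, as with the 1500 ms value in the error quoted above. This is an added example, not code from this pull request or from cognito-at-edge; the log lines are constructed samples, and `parseJwksTimeout` and `auditTimeouts` are hypothetical helper names.

```javascript
// Constructed sample log lines (not real logs), shaped like the error quoted in the thread.
const JWKS = "https://cognito-idp.example-region.amazonaws.com/example-pool/.well-known/jwks.json";
const SAMPLE_LOGS = [
  JSON.stringify({ errorType: "Error", errorMessage: `Failed to fetch ${JWKS}: Response time-out (after 1500 ms.)` }),
  JSON.stringify({ errorType: "Error", errorMessage: `Failed to fetch ${JWKS}: Response time-out (after 1500 ms.)` }),
  `2024-01-01T00:00:00Z ERROR Failed to fetch ${JWKS}: Response time-out (after 5000 ms.)`,
  "START RequestId: constructed-0001",
  JSON.stringify({ errorType: "Error", errorMessage: "Token expired" }),
];

const TIMEOUT_RE = /Failed to fetch (\S+): Response time-out \(after (\d+) ms\.\)/;

// Returns { url, effectiveTimeoutMs } for a JWKS fetch time-out line, else null.
// Accepts either a JSON error record or a plain-text log line.
function parseJwksTimeout(line) {
  let text = line;
  try {
    const record = JSON.parse(line);
    if (record && typeof record.errorMessage === "string") text = record.errorMessage;
  } catch {
    // Not JSON: match against the raw line instead.
  }
  const m = TIMEOUT_RE.exec(text);
  if (!m || !m[1].endsWith("/.well-known/jwks.json")) return null;
  return { url: m[1], effectiveTimeoutMs: Number(m[2]) };
}

// Counts JWKS time-outs per effective timeout value and flags any whose
// value differs from the one that was configured (configuredMs).
function auditTimeouts(lines, configuredMs) {
  const report = { total: 0, byTimeoutMs: {}, configIgnored: false };
  for (const line of lines) {
    const hit = parseJwksTimeout(line);
    if (!hit) continue;
    report.total += 1;
    const key = hit.effectiveTimeoutMs;
    report.byTimeoutMs[key] = (report.byTimeoutMs[key] || 0) + 1;
    if (key !== configuredMs) report.configIgnored = true;
  }
  return report;
}

console.log(auditTimeouts(SAMPLE_LOGS, 5000));
```

A `configIgnored` result of `true` means at least one time-out fired at a value other than the configured one, which is the symptom described in the comment above.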

@mishabruml
Author

The only way I've managed to get it to work at the moment is hardcoding like this https://github.com/mishabruml/cognito-at-edge/blob/43d671fdd06a7da0ae84b532dd69ca65a0115e5e/src/index.ts#L91-L99
