Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add (very) minimal support for AWS ALB #180

Merged
merged 1 commit into from
Jan 2, 2025
Merged

Add (very) minimal support for AWS ALB #180

merged 1 commit into from
Jan 2, 2025

Conversation

ottokruse
Copy link
Contributor

@ottokruse ottokruse commented Dec 30, 2024
edited
Loading

Issue #, if available: #109

Description of changes: This PR adds (very) minimal support for AWS ALB, basically by being more lenient and accept any padding (=) characters in the JWT (such padding is, for the record, officially not allowed, per the JWS specification (see here)).

This PR adds an AWS ALB setup to our Cognito test stack, as well as an automated script to get a real JWT signed by AWS ALB (using web scraping of the Cognito Hosted UI with jsdom library) and test verification of this JWT.

To see how to verify an AWS ALB check the test "Verify Data token from ALB" in file ./tests/cognito/test/cognito.test.ts

NOTE: This PR includes the updates from #179 -- please review and merge that one first.

NOTE 2: Proper AWS ALB support (e.g. with public key caching) is being added by @NicolasViaud in #176

NOTE 3: Also updated the Cognito test stack to CDK v2 which (therefore the diff is pretty big)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@ottokruse ottokruse requested a review from hakanson December 30, 2024 11:21
@ottokruse ottokruse force-pushed the cdk-alb branch 8 times, most recently from 092aa4d to 4fca502 Compare December 31, 2024 08:28
@ottokruse ottokruse mentioned this pull request Dec 31, 2024
Merged
hakanson
hakanson approved these changes Dec 31, 2024
View reviewed changes
Copy link
Contributor

@hakanson hakanson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved. Reviewed the code, ran the build and tests, deployed the stack with the ALB.

I added some minor comments on some source lines, but nothing that should block a merge.

tests/unit/jwt-verifier.test.ts Outdated Show resolved Hide resolved
tests/cognito/package.json Outdated Show resolved Hide resolved
tests/unit/jwt-verifier.test.ts Outdated Show resolved Hide resolved
tests/util/util.ts Outdated Show resolved Hide resolved
@ottokruse ottokruse force-pushed the cdk-alb branch 2 times, most recently from f812eda to 6d671d4 Compare January 2, 2025 07:32
@ottokruse ottokruse merged commit 1fab445 into awslabs:main Jan 2, 2025
1 check passed
@ottokruse ottokruse deleted the cdk-alb branch January 2, 2025 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hakanson hakanson hakanson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ottokruse @hakanson