Hosted UI and /oauth2/authorize seem to auto login, without having the option to confirm ("continue"), or log in to a different account
Describe the bug
Neither:
a) using the hosted UI and signing in with Facebook/Google
https://my-app.auth.auth.us-west-2.amazoncognito.com/login?(...)
b) using the OAuth login
https://my-app.auth.auth.us-west-2.amazoncognito.com/oauth2/authorize?(...)
has the user confirm / continue by presenting them with the common view found in most apps.
Approach b) has no way to switch to a different account after a user logs in with one, and the user is stuck. Both approaches will throw an error if a user removes access from the Facebook/Google allowed apps, when you expect them to be re-prompted to continue and allow access.
To Reproduce
Steps to reproduce the behavior:
1. Create a new account (e.g. ‘a@b.com’), then log out.
2. The user wants to log in as ‘b@c.com’, but there is no way to accomplish this with method b).
3. If you skip step 2, and the user deletes permissions on their identity provider and tries logging in using method b), it does not ask you to log in again and throws an error. If using method a) and the user hits continue, the same error occurs.
Expected behavior
If a user is logged in, provide the identity provider page that allows users to “Continue” as the currently signed-in account, or to switch accounts.
If a user revokes permissions, show the same page, re-instilling them.
Smartphone:
- Device: iPhone X
- OS: iOS 12
- Browser: Safari
Issue Analytics
- Created 5 years ago
- Comments: 9 (1 by maintainers)
Top GitHub Comments
I think this is still a problem.

`Auth.signOut()` only signs out from Cognito, but not from the federated provider (Google in this case). So when you try to log in again (in my case, using `Auth.federatedSignIn({ provider: 'Google' })`) it will automatically bypass Google’s account selection/login and directly use the existing session.

One suboptimal solution to this is to also sign out from Google. You can accomplish this by making a GET request to https://accounts.google.com/logout. This way, a subsequent federatedSignIn will need to go through the Google login screen.

But the ideal solution, in my opinion, is to enable passing the `prompt` query param when issuing the code flow. This way, when you know you are signed out, you could pass `prompt=select_account` and you will go through the Google login screen even when you are still logged in to Google.

Can you please reopen this? It seems @powerful23 never got back with a Cognito team answer about this and it was just automatically closed.
+1, would like to have a fix for this as well.