/userInfo endpoint can fail in Open ID adapter
JimTharioAmazon opened this issue
Describe the bug
/userInfo endpoint in open ID adapter can fail with bad request status
To Reproduce
Supply an access token to the /userInfo endpoint. The very first token generated for this request_id will fail the request; subsequent tokens generated with the same claims will not fail.
Expected behavior
HTTP 200 status after call
Please complete the following information about the solution:
- Version: [e.g. v1.1.0]
To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0021) - Video On Demand workflow with AWS Step Functions, MediaConvert, MediaPackage, S3, CloudFront and DynamoDB. Version v5.0.0". If the description does not contain the version information, you can look at the mappings section of the template:
Mappings:
  SourceCode:
    General:
      S3Bucket: "solutions"
      KeyPrefix: "video-on-demand-on-aws/v5.0.0"
- Region: [e.g. us-east-1]
- Was the solution modified from the version published on this repository? No
- If the answer to the previous question was yes, are the changes available on GitHub?
- Have you checked your service quotas for the services this solution uses?
- Were there any errors in the CloudWatch Logs? Yes, log message states
tokens don't match
Additional context
Consider comparing claims only and not encoded token for this:
https://github.com/aws-solutions/virtual-waiting-room-on-aws/blob/main/source/openid-waitingroom/chalice/app.py#L205
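An added example of the comparison suggested above, not code from the issue or from the project: two tokens carrying the same claims can differ as encoded strings, so the check verifies each signature and then compares the decoded claims. The HS256 signing, the key-order difference between the two tokens, and all names and sample values are assumptions made for illustration; the issue does not say what differed in the failing token.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample secret, not from the project

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, header: str, payload: str) -> bytes:
    return hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()

def encode(claims: dict, key: bytes, sort_keys: bool = False) -> str:
    """Build an HS256 JWT; sort_keys changes only the JSON byte layout."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims, sort_keys=sort_keys).encode())
    return f"{header}.{payload}.{_b64(_mac(key, header, payload))}"

def verified_claims(token: str, key: bytes) -> dict:
    """Return the claims only after the signature and algorithm check out."""
    header, payload, sig = token.split(".")
    if not hmac.compare_digest(_mac(key, header, payload), _unb64(sig)):
        raise ValueError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    return json.loads(_unb64(payload))

def same_token_by_string(presented: str, stored: str) -> bool:
    # Byte-for-byte comparison: any re-encoding of equal claims fails here.
    return hmac.compare_digest(presented.encode(), stored.encode())

def same_token_by_claims(presented: str, stored: str, key: bytes) -> bool:
    # Claims are trusted only from tokens whose signature verified.
    try:
        return verified_claims(presented, key) == verified_claims(stored, key)
    except ValueError:  # malformed token, bad base64/JSON, bad signature
        return False

# Constructed sample claims, issued twice with a different JSON key order.
CLAIMS = {"sub": "request-1234", "iss": "https://example.invalid",
          "iat": 1699996400, "exp": 1700000000}
first = encode(CLAIMS, KEY)
second = encode(CLAIMS, KEY, sort_keys=True)

if __name__ == "__main__":
    print("string match:", same_token_by_string(second, first))      # False
    print("claims match:", same_token_by_claims(second, first, KEY))  # True
```

Comparing claims is only safe after signature verification; decoded claims from an unverified token must never be treated as equal to a stored one.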
The fix for this issue has been included in release 1.1.3.