Cognito: /auth Invalid session state: stored %!s(<nil>) on first login
avishayil opened this issue
Describe the problem
I'm trying to utilize vouch proxy in order to secure Kubernetes Dashboard (blog post coming soon btw).
Vouch proxy returns response code 400 on first login using Cognito user pool OAuth provider.
Deployed on EKS with helm chart, route53 domain points to ingress-nginx alb, then routes to vouch-proxy to perform auth. Cognito provides the JWT, then vouch-proxy instructs ingress-nginx to include the JWT in the Authorization header.
Expected behavior
Successfully redirect to the client application instead of returning code 400.
Desktop (please complete the following information):
- OS: macOS Ventura 13.0.1
- Browser: Chrome, Firefox
- Version: Latest
Additional context
Logs: https://gist.github.com/avishayil/57997ff80fc10e993573ce96a037eaf4
Repository: https://github.com/avishayil/kubernetes-dashboard-vouch-cognito (full Cognito integration implementation)
- When using testing: true, redirect works fine.
- After first login, the application works just fine.
- When JWT expires, error occurs again.
- Error does not reproduce after deleting the vouch cookie.
- Error reproduces after using the "sign out user" feature of Cognito: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUserGlobalSignOut.html
Found similar issue on #430, but it is reproducible this time
@avishayil happy to help but I need more info. Please consult the README for what to provide when submitting an issue.
I'd be very excited to read a blog post about VP + Kubernetes Dashboard!
@avishayil I'm going to close this for now, feel free to post again to this thread if you'd still like me to take a look