通过 sk-auth 访问 Cognito 时设置重定向

Setting redirect when accessing Cognito via sk-auth

我使用 SvelteKit 构建了一个 Svelte 应用程序,该应用程序使用 Cognito 进行身份验证。我使用了以下站点:Cognito authentication for your SvelteKit app 指导我进行设置。当通过 npm run dev 在本地开发中 运行 时,该应用程序和与 Cognito 的连接运行良好,但是,当通过 npm run buildpm2 start /build/index.js 在 EC2 服务器上进行生产时 运行它将 Cognito URI 的 redirect_uri 部分设置为 http://localhost:3000。我不知道如何让它设置重定向到我的实际域。

以下是有关 EC2 当前设置方式的一些相关代码片段:

/etc/nginx/sites-available/domain.conf

server {

  server_name example.com;

  location / {
    root /var/www/html/build;
    proxy_pass http://localhost:3000;
  }

  listen [::]:443 ssl ipv6only=on;
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}

svelte.config.js

import node from '@sveltejs/adapter-node';

/** @type {import('@sveltejs/kit').Config} */
const config = {
  kit: {
    target: '#svelte',
    adapter: node({
      out: 'build',
      precompress: false,
      env: {
        host: 'example.com',
        port: '443'
      }
    })
  }
};

export default config;

/src/lib/auth.js

import { SvelteKitAuth, Providers } from 'sk-auth';

const DOMAIN = 'myapi.auth.us-east-1.amazoncognito.com';

const config = {
  accessTokenUrl: `https://${DOMAIN}/oauth2/token`,
  profileUrl: `https://${DOMAIN}/oauth2/userInfo`,
  authorizationUrl: `https://${DOMAIN}/oauth2/authorize`,
  redirect: 'https://example.com',
  clientId: myAWSclientID,
  clientSecret: myAWSclientSecret,
  scope: ['openid', 'email'],
  id: 'cognito',
  contentType: 'application/x-www-form-urlencoded'
};

const oauthProvider = new Providers.OAuth2Provider(config);

export const appAuth = new SvelteKitAuth({
  providers: [oauthProvider]
});

预计 URL 进入 Cognito

https://myapi.auth.us-east-1.amazoncognito.com/login?state=cmVkaXJlY3Q9Lw%3D%3D&nonce=699&response_type=code&client_id=myAWSclientID&scope=openid+email&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fcallback%2Fcognito%2F

进入 Cognito 时实际 URL

https://myapi.auth.us-east-1.amazoncognito.com/login?state=cmVkaXJlY3Q9Lw%3D%3D&nonce=699&response_type=code&client_id=myAWSclientID&scope=openid+email&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fcognito%2F

如您所见,它试图将 redirect_uri 设置为 http://localhost:3000 而不是预期的 https://example.com。我很确定在某处有一些设置允许它在进入 Cognito 时设置正确的 redirect_uri - 任何想法或建议将不胜感激!

根据我查看 sk-auth 模块源代码的情况,redirect_uri 似乎不是一个有效的配置选项。尝试在全局 SkAuth 构造函数中设置 host 配置选项:

const config = {
  accessTokenUrl: `https://${DOMAIN}/oauth2/token`,
  profileUrl: `https://${DOMAIN}/oauth2/userInfo`,
  authorizationUrl: `https://${DOMAIN}/oauth2/authorize`,
  // redirect_uri: 'https://example.com',
  clientId: myAWSclientID,
  clientSecret: myAWSclientSecret,
  scope: ['openid', 'email'],
  id: 'cognito',
  contentType: 'application/x-www-form-urlencoded'
};
.
.
export const appAuth = new SvelteKitAuth({
  providers: [oauthProvider],
  host: 'https://example.com',
});

进一步浏览源码后,还可以在provider configuration上设置AuthCallbacks接口提供的redirect选项:

const config = {
  accessTokenUrl: `https://${DOMAIN}/oauth2/token`,
  profileUrl: `https://${DOMAIN}/oauth2/userInfo`,
  authorizationUrl: `https://${DOMAIN}/oauth2/authorize`,
  // redirect_uri: 'https://example.com',
  redirect: 'https://example.com',
  clientId: myAWSclientID,
  clientSecret: myAWSclientSecret,
  scope: ['openid', 'email'],
  id: 'cognito',
  contentType: 'application/x-www-form-urlencoded'
};

顺便说一下,这就是作者在您提到的教程中使用的内容。