The ^ character is not accepted by AWS Cognito in a value to the state during /oauth2/authorize. We monkey-patched the issue for now by including this in our chainlit app:
```python
from chainlit import secret

# We have to do this because `^` in the OAuth /authorize step
# trips up AWS Cognito. So we are monkey-patching out this
# character.
# FIXME: Remove this monkeypatch once chainlit fixes it
secret.chars = secret.chars.replace("^", "")
```
Describe the bug
AWS Cognito requires that calls to `/oauth2/authorize` endpoint must have the `state` parameter `base64` encoded https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html#get-authorize .

Chainlit however simply creates a 32 character state randomly without encoding the string to `base64`. https://github.com/Chainlit/chainlit/blob/main/backend/chainlit/server.py#L370

This issue occurs randomly whenever the 32 character state has characters not typically found in a base64 string (like $,%,^).
To Reproduce
Steps to reproduce the behavior:
1. `/oauth2/authorize`.
2. `state` parameter set in the `location` header in the response received from the Chainlit application.
3. `state` parameter has special characters, observe the `400` bad request error code from calls to the Cognito domain.
4. `/oauth2/authorize` succeed when `state` parameter no longer has special characters.

Expected behavior
The expectation is that Chainlit encodes the string to base64 before setting it as the state and calling the configured auth providers.
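One way to produce a `state` value that contains only base64url characters and to check it on the callback, as an added example (not Chainlit's code or the reporter's). The function names and the `https://auth.example.com` domain are hypothetical.

```python
import base64
import hmac
import re
import secrets
from urllib.parse import urlencode

STATE_BYTES = 32  # 32 random bytes -> 43 unpadded base64url characters

# base64url alphabet only: no `$`, `%`, `^` or anything else that needs
# escaping in a query string.
STATE_RE = re.compile(r"[A-Za-z0-9_-]{43}")


def new_state() -> str:
    """Return CSPRNG bytes as unpadded base64url text."""
    raw = secrets.token_bytes(STATE_BYTES)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def build_authorize_url(base: str, client_id: str, redirect_uri: str, state: str) -> str:
    """Build the /oauth2/authorize redirect with every parameter percent-encoded."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{base}/oauth2/authorize?{query}"


def state_matches(expected: str, received: str) -> bool:
    """Callback check: well-formed and equal to the stored value (constant time)."""
    if not STATE_RE.fullmatch(received):
        return False
    return hmac.compare_digest(expected.encode("ascii"), received.encode("ascii"))


if __name__ == "__main__":
    # Constructed values; auth.example.com stands in for the provider domain.
    state = new_state()
    print(build_authorize_url("https://auth.example.com", "client-id-placeholder",
                              "https://app.example.com/callback", state))
    print(state_matches(state, state))
```

Store the generated value server-side (for example in the session or a signed cookie) and compare it with `state_matches` when the provider redirects back.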