stackoom
  简体   繁体   中英

What should my OAuth2 Redirect URL be with an S3 static site frontend and an EC2 API backend?

 原文  2020-01-04 22:45:39       javascript/ reactjs/ amazon-web-services/ amazon-ec2/ oauth-2.0

Question

I'm running the usual setup with React apps where I'm using S3 and Cloudfront for the frontend for my single page application and then having them query an EC2 backend for any data that they need. This works well.

My issue I'm having is with creating the OAuth2 Authorization Code flow. I have it working such that the client is redirected to Google to login, but what I am now confused about is where I should redirect the user to upon successful authentication.

The "frontend" is basically www.website.com and is hosted in an S3 bucket configured to serve as a static website, whereas the "backend" is www.website.com/api/ . I have Cloudfront set up such that www.website.com/api/ calls redirect to the EC2 instance, and every other route redirects to the S3 bucket.

In this situation, what do I specify as the redirect URL? It seems to be the case that if I specify the "backend", then after the backend EC2 route is hit, then redirecting back to the "frontend" doesn't work.

Is the recommended way to instead specify the OAuth2 Redirect URL to the "frontend" (the static S3 site), and have a frontend route which then does a request to the EC2 backend? My concern is that the frontend (and hence user) should not be given access to the response data of the OAuth2 response route, but I'm unsure of any alternatives.

1 answers

solution1
 1  2020-01-05 09:21:57

You have a single page app and an SPA hosting model so the redirect should return to your SPA front end, which should use Authorization Code Flow (PKCE). See this doc .

Once the SPA has tokens it can just call your API directly. You may want to consider an API domain such as api.mysite.com in front of your EC2 server, and to make AWS API Gateway the entry point.

Out of interest I have a very similar architecture for a sample SPA which you can run from this page and compare to your own.

My React SPA code is here and uses the oidc client library to manage SPA login + token handling, though I use Cognito and not Google.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Should the OAuth2 Redirect URL be to the frontend or backend? OAuth2 flow in web frontend and REST API Attempt to upload to s3 on backend and frontend Discord send Oauth2 redirect url with the 'code' in url-query. How to get that code in my google script Can an AWS S3 Static Site access REST API in VPC? How configure redirect to api on AWS S3 hosting static website? What Redirect URL can I set for oauth2 callback in a chrome extension? How can I get the oauth_token data from my backend when it's sent via a http response to my frontend? Can I use an OAuth token from backend in my frontend? How to provide redirect URL for OAuth2 in Chrome extension?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM