We use AWS Cognito as the user management platform, which comes with AWS Amplify, for our new project. But we also have KeyCloak as SSO for the organisation. So we connect KeyCloak as an external IdP to Cognito via OIDC to allow users to log in to our new system with the organisation's SSO.
What we try to achieve is that when a user has already logged in via the organisation's SSO, they should be in a logged-in state when they visit this new site, seamlessly.
However, Auth.currentSession() only recognises the login session from Cognito, which means it won't recognise that the user has already logged in to KeyCloak on the other website. The solution I came up with is to try to use silentLogin from oidc-client to check the login state when the user visits. The silent login runs an iframe to send a request to the auth link. It first sends the request to https://xxxxx.auth.ap-southeast-2.amazoncognito.com/oauth2/authorize with prompt=none to avoid showing the UI. But when the request gets redirected to KeyCloak, it isn't sent with prompt=none, which makes it try to load the login UI and causes the silentLogin to fail.
So I am wondering if there is any way to edit the redirect URL from Cognito to KeyCloak, or if any other solution to achieve my goal can be suggested.
Thank you
The expected behavior should be like this (some UX stakeholders may not like the second redirect or consider it seamless, but it has to happen like this):
Avoid the prompt=none technique, which is now deprecated:
I would instead take a closer look at the HTTP messages for App B redirects: