tmaiaroto/callback.go

## callback.go
// Handle oauth2 callback, will exchange code for token
func cognitoCallback(ctx context.Context, d *aegis.HandlerDependencies, req *aegis.APIGatewayProxyRequest, res *aegis.APIGatewayProxyResponse, params url.Values) error {
	// Exchange code for token
	tokens, err := d.Services.Cognito.GetTokens(req.QueryStringParameters["code"], []string{})
	if err != nil {
		log.Println("Couldn't get access token", err)
		res.JSONError(500, err)
	} else {
		// verify the token
		_, err := d.Services.Cognito.ParseAndVerifyJWT(tokens.IDToken)
		if err == nil {
			host := req.GetHeader("Host")
			stage := req.RequestContext.Stage
			res.SetHeader("Set-Cookie", "access_token="+tokens.AccessToken+"; Domain="+host+"; Secure; HttpOnly")
			res.Redirect(301, "https://"+host+"/"+stage+"/protected")
		} else {
			res.JSONError(401, errors.New("unauthorized, invalid token"))
		}
	}
	return nil
}
	// Handle oauth2 callback, will exchange code for token
	func cognitoCallback(ctx context.Context, d aegis.HandlerDependencies, req aegis.APIGatewayProxyRequest, res *aegis.APIGatewayProxyResponse, params url.Values) error {
	// Exchange code for token
	tokens, err := d.Services.Cognito.GetTokens(req.QueryStringParameters["code"], []string{})
	if err != nil {
	log.Println("Couldn't get access token", err)
	res.JSONError(500, err)
	} else {
	// verify the token
	_, err := d.Services.Cognito.ParseAndVerifyJWT(tokens.IDToken)
	if err == nil {
	host := req.GetHeader("Host")
	stage := req.RequestContext.Stage
	res.SetHeader("Set-Cookie", "access_token="+tokens.AccessToken+"; Domain="+host+"; Secure; HttpOnly")
	res.Redirect(301, "https://"+host+"/"+stage+"/protected")
	} else {
	res.JSONError(401, errors.New("unauthorized, invalid token"))
	}
	}
	return nil
	}