Example Aegis Cognito Callback Handler
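// cognitoCallback handles the OAuth2 redirect back from Cognito: it exchanges
// the "code" query parameter for tokens, verifies the ID token, stores the
// access token in a cookie and redirects the browser to /<stage>/protected.
//
// Every outcome is written to res; the function itself always returns nil.
//
// NOTE(review): no OAuth2 "state" value is checked here. The handler that
// starts the login is not visible from this function, so the check cannot be
// added in place, but the callback should compare the returned state with the
// one issued at login before it accepts the code.
func cognitoCallback(ctx context.Context, d *aegis.HandlerDependencies, req *aegis.APIGatewayProxyRequest, res *aegis.APIGatewayProxyResponse, params url.Values) error {
	code := req.QueryStringParameters["code"]
	if code == "" {
		// Nothing to exchange; do not spend a call to the token endpoint on it.
		res.JSONError(400, errors.New("bad request, missing code"))
		return nil
	}

	// Exchange code for token
	tokens, err := d.Services.Cognito.GetTokens(code, []string{})
	if err != nil {
		// The detail goes to the log only; the client gets a generic message so
		// that token-endpoint errors are not echoed back to the browser.
		log.Println("Couldn't get access token", err)
		res.JSONError(500, errors.New("could not complete sign in"))
		return nil
	}

	// Verify the ID token before any session state is handed to the browser.
	if _, err := d.Services.Cognito.ParseAndVerifyJWT(tokens.IDToken); err != nil {
		res.JSONError(401, errors.New("unauthorized, invalid token"))
		return nil
	}

	// Host is request-supplied and is concatenated into two response headers
	// below, so it is restricted to hostname characters first.
	// NOTE(review): comparing it against the deployment's known hostname would
	// be stricter; that value is not available in this function.
	host := req.GetHeader("Host")
	if !validHostHeader(host) {
		res.JSONError(400, errors.New("bad request, invalid host header"))
		return nil
	}
	stage := req.RequestContext.Stage

	// SameSite=Lax keeps the cookie off cross-site subrequests while still
	// sending it on the top-level redirect that follows.
	res.SetHeader("Set-Cookie", "access_token="+tokens.AccessToken+"; Domain="+host+"; Secure; HttpOnly; SameSite=Lax")
	// 302 rather than 301: a permanent redirect may be cached by the browser,
	// which is wrong for a one-time authorization callback.
	res.Redirect(302, "https://"+host+"/"+stage+"/protected")
	return nil
}

// validHostHeader reports whether host is non-empty and made up only of
// letters, digits, '.', '-' and ':' (hostname with optional port). Bracketed
// IPv6 literals are rejected as well.
func validHostHeader(host string) bool {
	if host == "" {
		return false
	}
	for i := 0; i < len(host); i++ {
		c := host[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case c == '.', c == '-', c == ':':
		default:
			return false
		}
	}
	return true
}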