Saturday, 20 March 2021

AWS Cognito & Flask app can't grab the jwt from the url

I have this simple Flask app, when you visit the landing page it redirects you to AWS Cognito portal where you login and then you get redirect to a webpage with a jwt in url. I am trying to get the jwt from the url but with no luck.

Everything works fine,

  • I visit the app(localy)
  • I get redirected to AWS Cognito portal
  • I login & redirected to the flask app
  • There I try to get the jwt but with no luck

Here's the code and what I've tried so far

from flask import Flask, render_template, redirect, request
app = Flask(__name__)

@app.route('/')
def landing_page():
    print('*' * 20)
    print(request.args)
    print(request.data.decode('UTF-8'))
    print(request.get_json())
    print(request.values)
    print(request.json)
    print(request.headers)
    print(request.headers.get('#id_token'))
    print(request.headers.get('id_token'))
    print(request.get_data().decode('UTF-8'))
    print(request.get_data())
    print(request.stream.read().decode('UTF-8'))
    print(request.args.get('id_token'))
    print(request.stream.read())
    print(request.args.to_dict([]))
    print(request.args.to_dict())
    print(request.args.get('id_token'))
    try:
        print(request.args['id_token'])
    except:
        print('pass')
    print('*' * 20)
    return redirect('https://xxx.auth.eu-central-1.amazoncognito.com/login?response_type=token&client_id=xxxxx&redirect_uri=http://localhost:5000/',
                    code=302)

And the results

127.0.0.1 - - [17/Mar/2021 08:35:02] "GET / HTTP/1.1" 302 -
********************
ImmutableMultiDict([])

None
CombinedMultiDict([ImmutableMultiDict([]), ImmutableMultiDict([])])
None
Host: localhost:5000
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/xxxx Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Sec-Ch-Ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: _xsrf=2|xxx|xxx|xxxx


None
None

b''

None
b''
{}
{}
pass
None
********************
127.0.0.1 - - [17/Mar/2021 08:35:05] "GET / HTTP/1.1" 302 -


from AWS Cognito & Flask app can't grab the jwt from the url
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)