NGINX redirect_uri with AWS Cognito


I have a service (Apache Superset) running on localhost:8088. I am trying to connect to AWS Cognito using NGINX as a web server.

My NGINX config is /etc/ngnix/conf.d/superset.conf

    server {
        listen 80;
        server_name in.welcome.com;
        return 301 https://$host$request_uri;
    }
    server {
        server_name in.welcome.com;
        location / {
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;
            proxy_pass              http://localhost:8088;
            proxy_read_timeout      90;
            proxy_redirect          https://in.welcome.com http://localhost:8088;
        }
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/in.welcome.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/in.welcome.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

With this configuration it is passing the following query string parameters:

    DEBUG:authlib.integrations.base_client.base_app:Saving authorize data: 
    {'redirect_uri': 'http://in.welcome.com/oauth-authorized/cognito', 
     'url': 'https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/authorize? 
     response_type=code&client_id=12345&
     redirect_uri=http://in.welcome.com/oauthauthorized/Fcognito&scope=email+openid+profile&state=1234',
     'state': '1234'}     

Cognito requires an HTTPS URI; however, my configuration is sending:

    'redirect_uri': 'http://in.welcome.com/oauth-authorized/cognito'

Instead of:

    'redirect_uri': 'https://in.welcome.com/oauth-authorized/cognito'
1

There are 1 answers

0
steven On BEST ANSWER

Update superset_config.py with:

    # Use all X-Forwarded headers when ENABLE_PROXY_FIX is True.
    # When proxying to a different port, set "x_port" to 0 to avoid downstream issues.
    ENABLE_PROXY_FIX = True
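
Why this setting changes the `redirect_uri`, as an added example that is not part of the answer above and is not Superset's or Werkzeug's code: NGINX terminates TLS and forwards plain HTTP to localhost:8088, so the app sees `http` unless it reads `X-Forwarded-Proto`. The middleware below is a simplified stand-in for the proxy-header handling that `ENABLE_PROXY_FIX` enables; `ForwardedFix`, `trusted_value`, `callback_app` and `redirect_uri_seen_by` are hypothetical names, and the request is constructed sample input.

```python
# Added illustration: a simplified stand-in for proxy-header handling.
# Not Superset's or Werkzeug's code; all names here are hypothetical.

def trusted_value(header, hops):
    """Return the value appended by the `hops`-th proxy from the right, else None."""
    if hops < 1 or not header:
        return None
    values = [v.strip() for v in header.split(",")]
    return values[-hops] if len(values) >= hops else None


class ForwardedFix:
    """WSGI middleware: take scheme/host from X-Forwarded-* set by trusted proxies."""

    def __init__(self, app, x_proto=1, x_host=1):
        self.app, self.x_proto, self.x_host = app, x_proto, x_host

    def __call__(self, environ, start_response):
        proto = trusted_value(environ.get("HTTP_X_FORWARDED_PROTO"), self.x_proto)
        if proto in ("http", "https"):  # ignore any other value a client might inject
            environ["wsgi.url_scheme"] = proto
        host = trusted_value(environ.get("HTTP_X_FORWARDED_HOST"), self.x_host)
        if host:
            environ["HTTP_HOST"] = host
        return self.app(environ, start_response)


def callback_app(environ, start_response):
    """Toy app: builds the OAuth callback URL from the WSGI environ, as frameworks do."""
    url = f"{environ['wsgi.url_scheme']}://{environ['HTTP_HOST']}/oauth-authorized/cognito"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [url.encode()]


def redirect_uri_seen_by(app, forwarded_proto="https"):
    """Simulate the plain-HTTP request NGINX forwards to localhost:8088 (constructed)."""
    environ = {
        "REQUEST_METHOD": "GET",
        "wsgi.url_scheme": "http",                  # proxy_pass http://localhost:8088;
        "HTTP_HOST": "in.welcome.com",              # proxy_set_header Host $host;
        "HTTP_X_FORWARDED_PROTO": forwarded_proto,  # X-Forwarded-Proto $scheme;
    }
    return b"".join(app(environ, lambda status, headers: None)).decode()


if __name__ == "__main__":
    print(redirect_uri_seen_by(callback_app))                # without the fix
    print(redirect_uri_seen_by(ForwardedFix(callback_app)))  # with the fix
```

The hop count should equal the number of proxies you operate in front of the app: values further to the left in an `X-Forwarded-*` header are supplied by the client, which is why `trusted_value` reads from the right.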