I want to start by saying, thanks for sharing!
So here is my issue.
Cognito is getting a 403 on the /userinfo endpoint so I am assuming the Bearer token is invalid for some reason. Is this a common misconfiguration issue maybe on my part?
The state attribute is also undefined there but since the state is optional I think that's ok.
Here are the relevant debug logs with sensitive values <retracted>.
edit
I think this is also relevant, and is weird since I'm getting the sub from Github in the claim.
error_description=username+attribute+mapping+required&error=invalid_request
Also Ngrok is returing 400 back to the Cognito client but that's probably because the wrapper doesn't resolve correctly because of the 403.
debug: Signing payload {"iss":"https://<retracted>","aud":"<retracted>"}
debug: Resolved token response: {"access_token":"<retracted>","expires_in":28800,"refresh_token":"<retracted>"}
debug: Token for (<retracted>, undefined, <retracted>) provided
info: Providing access to JWKS: {"keys":[{"alg":"RS256","kid":"jwtRS256","kty":"RSA","n":"<retracted>","e":"AQAB"}]}
error: Failed to provide user info: Request failed with status code 403
debug: Checking response: [Circular]
debug: Fetched user details: {"login":"<retracted>","id":<retracted>,"node_id":"<retracted>","avatar_url":"<retracted>","gravatar_id":"","url":"https://api.github.com/users/<retracted>","html_url":"https://github.com/<retracted>","followers_url":"https://api.github.com/users/<retracted>/followers","following_url":"https://api.github.com/users/<retracted>/following{/other_user}","gists_url":"https://api.github.com/users/<retracted>/gists{/gist_id}","starred_url":"https://api.github.com/users/<retracted>/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/<retracted>/subscriptions","organizations_url":"https://api.github.com/users/<retracted>/orgs","repos_url":"https://api.github.com/users/<retracted>/repos","events_url":"https://api.github.com/users/<retracted>/events{/privacy}","received_events_url":"https://api.github.com/users/<retracted>/received_events","type":"User","site_admin":false,"name":"<retracted>","company":"<retracted> <retracted> ","blog":"http://github.com/<retracted>","location":"<retracted>","email":"<retracted>","hireable":true,"bio":null,"twitter_username":"<retracted>","public_repos":77,"public_gists":12,"followers":12,"following":17,"created_at":"2013-01-01T10:44:40Z","updated_at":"2021-02-07T21:49:19Z"}
debug: Resolved claims: {"sub":"<retracted>","name":"<retracted>","preferred_username":"<retracted>","profile":"https://github.com/<retracted>","picture":"https://avatars.githubusercontent.com/u/<retracted>?v=4","website":"http://github.com/<retracted>","updated_at":1612734559}
error: Failed to provide user info: Request failed with status code 403
debug: Checking response: [Circular]
debug: Fetched user details: {"login":"<retracted>","id":<retracted>,"node_id":"<retracted>","avatar_url":"https://avatars.githubusercontent.com/u/<retracted>?v=4","gravatar_id":"","url":"https://api.github.com/users/<retracted>","html_url":"https://github.com/<retracted>","followers_url":"https://api.github.com/users/<retracted>/followers","following_url":"https://api.github.com/users/<retracted>/following{/other_user}","gists_url":"https://api.github.com/users/<retracted>/gists{/gist_id}","starred_url":"https://api.github.com/users/<retracted>/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/<retracted>/subscriptions","organizations_url":"https://api.github.com/users/<retracted>/orgs","repos_url":"https://api.github.com/users/<retracted>/repos","events_url":"https://api.github.com/users/<retracted>/events{/privacy}","received_events_url":"https://api.github.com/users/<retracted>/received_events","type":"User","site_admin":false,"name":"Jón Levy","company":"@ruv-ohf @andesorg ","blog":"http://github.com/<retracted>","location":"<retracted>","email":"<retracted>","hireable":true,"bio":null,"twitter_username":"<retracted>","public_repos":77,"public_gists":12,"followers":12,"following":17,"created_at":"2013-01-01T10:44:40Z","updated_at":"2021-02-07T21:49:19Z"}
debug: Resolved claims: {"sub":"<retracted>","name":"<retracted>","preferred_username":"<retracted>","profile":"https://github.com/<retracted>","picture":"https://avatars.githubusercontent.com/u/<retracted>?v=4","website":"http://github.com/<retracted>","updated_at":1612734559}
I want to start by saying, thanks for sharing!
So here is my issue.
Cognito is getting a 403 on the
/userinfoendpoint so I am assuming the Bearer token is invalid for some reason. Is this a common misconfiguration issue maybe on my part?The
stateattribute is alsoundefinedthere but since the state is optional I think that's ok.Here are the relevant debug logs with sensitive values
<retracted>.edit
I think this is also relevant, and is weird since I'm getting the
subfrom Github in the claim.Also Ngrok is returing 400 back to the Cognito client but that's probably because the wrapper doesn't resolve correctly because of the 403.
debug: Signing payload {"iss":"https://<retracted>","aud":"<retracted>"} debug: Resolved token response: {"access_token":"<retracted>","expires_in":28800,"refresh_token":"<retracted>"} debug: Token for (<retracted>, undefined, <retracted>) provided info: Providing access to JWKS: {"keys":[{"alg":"RS256","kid":"jwtRS256","kty":"RSA","n":"<retracted>","e":"AQAB"}]} error: Failed to provide user info: Request failed with status code 403 debug: Checking response: [Circular] debug: Fetched user details: {"login":"<retracted>","id":<retracted>,"node_id":"<retracted>","avatar_url":"<retracted>","gravatar_id":"","url":"https://api.github.com/users/<retracted>","html_url":"https://github.com/<retracted>","followers_url":"https://api.github.com/users/<retracted>/followers","following_url":"https://api.github.com/users/<retracted>/following{/other_user}","gists_url":"https://api.github.com/users/<retracted>/gists{/gist_id}","starred_url":"https://api.github.com/users/<retracted>/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/<retracted>/subscriptions","organizations_url":"https://api.github.com/users/<retracted>/orgs","repos_url":"https://api.github.com/users/<retracted>/repos","events_url":"https://api.github.com/users/<retracted>/events{/privacy}","received_events_url":"https://api.github.com/users/<retracted>/received_events","type":"User","site_admin":false,"name":"<retracted>","company":"<retracted> <retracted> ","blog":"http://github.com/<retracted>","location":"<retracted>","email":"<retracted>","hireable":true,"bio":null,"twitter_username":"<retracted>","public_repos":77,"public_gists":12,"followers":12,"following":17,"created_at":"2013-01-01T10:44:40Z","updated_at":"2021-02-07T21:49:19Z"} debug: Resolved claims: {"sub":"<retracted>","name":"<retracted>","preferred_username":"<retracted>","profile":"https://github.com/<retracted>","picture":"https://avatars.githubusercontent.com/u/<retracted>?v=4","website":"http://github.com/<retracted>","updated_at":1612734559} error: Failed to provide user info: Request failed with status code 403 debug: Checking response: [Circular] debug: Fetched user details: {"login":"<retracted>","id":<retracted>,"node_id":"<retracted>","avatar_url":"https://avatars.githubusercontent.com/u/<retracted>?v=4","gravatar_id":"","url":"https://api.github.com/users/<retracted>","html_url":"https://github.com/<retracted>","followers_url":"https://api.github.com/users/<retracted>/followers","following_url":"https://api.github.com/users/<retracted>/following{/other_user}","gists_url":"https://api.github.com/users/<retracted>/gists{/gist_id}","starred_url":"https://api.github.com/users/<retracted>/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/<retracted>/subscriptions","organizations_url":"https://api.github.com/users/<retracted>/orgs","repos_url":"https://api.github.com/users/<retracted>/repos","events_url":"https://api.github.com/users/<retracted>/events{/privacy}","received_events_url":"https://api.github.com/users/<retracted>/received_events","type":"User","site_admin":false,"name":"Jón Levy","company":"@ruv-ohf @andesorg ","blog":"http://github.com/<retracted>","location":"<retracted>","email":"<retracted>","hireable":true,"bio":null,"twitter_username":"<retracted>","public_repos":77,"public_gists":12,"followers":12,"following":17,"created_at":"2013-01-01T10:44:40Z","updated_at":"2021-02-07T21:49:19Z"} debug: Resolved claims: {"sub":"<retracted>","name":"<retracted>","preferred_username":"<retracted>","profile":"https://github.com/<retracted>","picture":"https://avatars.githubusercontent.com/u/<retracted>?v=4","website":"http://github.com/<retracted>","updated_at":1612734559}