Handling SSR Auth

Outline

  • Current Signin Flow
  • Using Remix
  • Cookie/Session-Cookie
  • Demo

Sigin Flow

Cognito Client SDK

Frontend

UI

Session Context

Cognito Client SDK

Frontend

UI

Session Context

Cognito Client SDK

Frontend

UI

Session Context

{ username: xxx: pasword: xxx}

Cognito Client SDK

Frontend

UI

Session Context

{ username: xxx: pasword: xxx}

AWS Cognito

Backend

POST https://cognito-idp.us-east-1.amazonaws.com/

generate idToken/refreshToken

Authorization: idToken

Using SSR

Cognito Client SDK

Frontend

UI

Session Context

{ username: xxx: pasword: xxx}

AWS Cognito

Backend

POST https://cognito-idp.us-east-1.amazonaws.com/

generate idToken/refreshToken

Authorization: idToken

Backend

Cognito Client SDK

Frontend

UI

Session Context

Remix Server

query, guard...etc

stateless

https://remix.run/docs/en/main/guides/bff

Using SSR Issues

  • Browser Api
  • Authentication
  • In local development, the token is cleared or lost after every hot reload, causing session issues

Remix

encrypt idToken & refreshToken and store in Cookie

4096 bytes

Cookie limits imposed by RFC A browser should be able to accept at least 300 cookies with a maximum size of 4096 bytes, as stipulated by RFC 2109 (#6.3), RFC 2965 (#5.3), and RFC 6265.

One domain

SessionId

Cookie

cookieHeader:  __session=eyJzZXNzaW9uSWQiOiIwN2VjOTE0MS04MjVkLTRiZDAtYjk0OC01MzAyYjYzZmVhNDEifQ%3D%3D.1DD8empdMO6FOxXZ26Bv9WPmuDkoT%2FxuMmXNuYKqwhY; Path=/; HttpOnly; SameSite=Lax

memory/DB/Redis

{

   xxxId:{

      idToken:xxx,

      refreshdToekn:xxx

}}

https://remix.run/docs/en/main/utils/sessions

Micro Frontend

Demo

Ref

  • https://repost.aws/questions/QUohnyWmF9Tiy8YdJx52sgww/cognito-does-not-support-the-rotation-of-refresh-tokens
Made with Slides.com