Goal: Set a cookie from AWS serverless.

I'm using a custom authentication flow

domain: mydomain.com
current domain: dev.mydomain.com
login api (api gateway): account-api.mydomain.com

Login Lambda
The login function is the actual function invoked.

This lambda receives a username & password and creates/returns a JWT & cookie string. I've removed non-pertinent logic.

*Right now my response contains extra stuff to help me debug/figure out how to map -- I'll be migrating it out once this is successfully setting the cookie

...
const handler = async event => {
  const jwtBody = {
    email: event.email,
    uuid: current_user_info.uuid.S,
    zipcode: current_user_info.zipcode.S,
  }

  var now = new Date();
  var time = now.getTime();
  var expireTime = time + (milliToHour*24*10);
  now.setTime(expireTime);

  var jwt = jsonwebtoken.sign(jwtBody, SMCData.secret, { algorithm: SMCData.alg, expiresIn: '1hr'});
  const cookieString = "token="+jwt+";expires=" + now.toUTCString() + ";secure;HttpOnly;"

  return {
    statusCode: 200,
    payload: {
      verified: current_user_info.verified.BOOL,
      jwt: jwt,
      cookie: cookieString
    }
  }
}

const login = middy(handler).use(cors({
  origins:[
    "https://dev.mydomain.com",
    "https://account-api.mydomain.com",
    "https://*.mydomain.com"
  ],
  credentials:true
}))

Current Status - postman

post_body = {
  "email": "[email protected]",
  "password": "correct_password"
}

response_body = {
  "statusCode":200,
  "payload":{
    "verified":false,
    "jwt":"eyJh...KAQ",
    "cookie":"token=ey...KAQ;expires=Tue, 12 Nov 2019 22:10:32 GMT;secure;HttpOnly;"
  }
}

cookie is also set: Postman correctly sets the cookie

Current Status - chrome

Headers: Chrome Login Headers

post_body = {
  "email": "[email protected]",
  "password": "correct_password"
}

response_body = {
  "statusCode":200,
  "payload":{
    "verified":false,
    "jwt":"eyJh...KAQ",
    "cookie":"token=ey...KAQ;expires=Tue, 12 Nov 2019 22:10:32 GMT;secure;HttpOnly;"
  }
}

cookie is not set: Chrome does not have the cookie set

API Gateway Configuration

CORS is enabled

API Gateway Method Response

API Gateway Integration Response

*I know I'm 'supposed' to change the mapping value in the integration response into a mapping template, but I wanted to get things working before I figured out how to make that change.

My suspicion is that I need to set something in the CORS middy handler - Schalton

1 Answer

It helps when you set up CORS properly in API Gateway. DOH!

Method Integration
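
An added example, not part of the question or the answer above: a login response that carries the cookie in a `Set-Cookie` header together with credentialed-CORS headers, plus a check for the headers a browser requires on such a response. It assumes a Lambda proxy integration (headers reach the browser unchanged); `buildLoginResponse`, `credentialedCorsProblems` and the sample token are hypothetical.

```javascript
// Added example, not code from the question or answer.
// Assumption: Lambda proxy integration, so these headers reach the browser as-is.
const ALLOWED_ORIGINS = new Set(["https://dev.mydomain.com"]); // site origin from the question

// Build the login response: the cookie travels in Set-Cookie, not in the JSON body.
function buildLoginResponse(requestOrigin, jwt, maxAgeSeconds) {
  const headers = {
    "Content-Type": "application/json",
    // dev. and account-api. share mydomain.com (same site), so SameSite=Lax does not block it.
    "Set-Cookie": `token=${jwt}; Max-Age=${maxAgeSeconds}; Path=/; Secure; HttpOnly; SameSite=Lax`,
  };
  if (ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin; // exact origin, never "*"
    headers["Access-Control-Allow-Credentials"] = "true";
    headers["Vary"] = "Origin";
  }
  return { statusCode: 200, headers, body: JSON.stringify({ loggedIn: true }) };
}

// List what is missing for a browser to accept this response to a credentialed
// cross-origin request. Postman performs no CORS checks at all.
function credentialedCorsProblems(requestOrigin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const problems = [];
  const acao = h["access-control-allow-origin"];
  if (acao === undefined) problems.push("missing Access-Control-Allow-Origin");
  else if (acao === "*") problems.push("wildcard origin is not allowed with credentials");
  else if (acao !== requestOrigin) problems.push("Access-Control-Allow-Origin does not match Origin");
  if (h["access-control-allow-credentials"] !== "true")
    problems.push('Access-Control-Allow-Credentials must be "true"');
  if (!h["set-cookie"]) problems.push("no Set-Cookie header (cookie only in the body?)");
  return problems;
}

// Constructed sample run.
const sample = buildLoginResponse("https://dev.mydomain.com", "SAMPLE.JWT.VALUE", 3600);
console.log(credentialedCorsProblems("https://dev.mydomain.com", sample.headers));
```

The browser side must opt in as well: `credentials: 'include'` on `fetch`, or `withCredentials = true` on `XMLHttpRequest`.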