tmaiaroto · April 12, 2018 05:26
diff --git a/callback.go b/callback.go
 // Handle oauth2 callback, will exchange code for token
 func cognitoCallback(ctx context.Context, d *aegis.HandlerDependencies, req *aegis.APIGatewayProxyRequest, res *aegis.APIGatewayProxyResponse, params url.Values) error {
 	// Exchange code for token
 	tokens, err := d.Services.Cognito.GetTokens(req.QueryStringParameters["code"], []string{})
 	if err != nil {
 		log.Println("Couldn't get access token", err)
 		res.JSONError(500, err)
 	} else {
 		// verify the token
 		_, err := d.Services.Cognito.ParseAndVerifyJWT(tokens.IDToken)
 		if err == nil {
 			host := req.GetHeader("Host")
 			stage := req.RequestContext.Stage
 			res.SetHeader("Set-Cookie", "access_token="+tokens.AccessToken+"; Domain="+host+"; Secure; HttpOnly")
 			res.Redirect(301, "https://"+host+"/"+stage+"/protected")
 		} else {
 			res.JSONError(401, errors.New("unauthorized, invalid token"))
 		}
 	}
 	return nil
 }
	// Handle oauth2 callback, will exchange code for token
	func cognitoCallback(ctx context.Context, d aegis.HandlerDependencies, req aegis.APIGatewayProxyRequest, res *aegis.APIGatewayProxyResponse, params url.Values) error {
	// Exchange code for token
	tokens, err := d.Services.Cognito.GetTokens(req.QueryStringParameters["code"], []string{})
	if err != nil {
	log.Println("Couldn't get access token", err)
	res.JSONError(500, err)
	} else {
	// verify the token
	_, err := d.Services.Cognito.ParseAndVerifyJWT(tokens.IDToken)
	if err == nil {
	host := req.GetHeader("Host")
	stage := req.RequestContext.Stage
	res.SetHeader("Set-Cookie", "access_token="+tokens.AccessToken+"; Domain="+host+"; Secure; HttpOnly")
	res.Redirect(301, "https://"+host+"/"+stage+"/protected")
	} else {
	res.JSONError(401, errors.New("unauthorized, invalid token"))
	}
	}
	return nil
	}