After upgrading to VIP AuthHub version 2.1.2.1030, the user sees the following issue:
1. Successfully registered a user with FIDO credentials.
2. After registering, the user name is entered in the app and the flow is redirected to the registration flow instead of the login flow.
Release : VIP AuthHub Version 2.1.2.1030.
The Kibana logs show messages like:
Device with tag:[***a8a] is registered for user:[4b5d08dd-xxxx-xxxx-xxxx-xxxxxxxxxx13]
Authentication passed and remember device set.
There are also API messages for CORS domain matching.
The current data flow design uses an API gateway to proxy everything to AuthHub.
External API calls to the API gateway are on the .domain1.com domain.
The API gateway routes requests to AuthHub internally on .domain2.com.
When the device was registered, the request came from .domain1.com, but when a user authentication request comes in, it comes from domain ".domain2.com", hence the domains are not matched or recognized.
The AuthHub container is already configured to allow CORS requests from domain .domain1.com, but we need to make sure all subsequent API requests come from a legitimately allowed domain, in either of two ways:
1. Add the header below directly in the mobile app during an auth request.
Pass: newHeaders["origin"] = https://api.domain1.com
2. Add the "origin" header to the API gateway configuration, so that all requests carry a header something like ["origin"] = https://api.domain1.com
Note: the actual API gateway configuration will have a different syntax from the above.
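The mismatch and the gateway-side fix (option 2), as an added JavaScript sketch that is not AuthHub or API gateway product code. `DeviceStore` is a simplified stand-in for the origin matching described above; `buildUpstreamHeaders`, the host `authhub.domain2.com` and the rejection of foreign origins are assumptions made for the illustration.

```javascript
// Added illustration; hypothetical names, not AuthHub or API gateway product code.
const EXTERNAL_ORIGIN = "https://api.domain1.com";     // origin from the article
const INTERNAL_ORIGIN = "https://authhub.domain2.com"; // constructed internal host

function normalizeOrigin(value) {
  try { return new URL(value).origin; } catch { return null; }
}

// Simplified model (assumption): a device is remembered together with the
// origin it was registered from, and is recognised only for that origin.
class DeviceStore {
  constructor() { this.devices = new Map(); }
  register(user, tag, headers) {
    this.devices.set(`${user}|${tag}`, normalizeOrigin(headers.origin));
  }
  // "login" when the device is recognised for this origin, else "registration".
  nextFlow(user, tag, headers) {
    const registered = this.devices.get(`${user}|${tag}`);
    const seen = normalizeOrigin(headers.origin);
    return registered && registered === seen ? "login" : "registration";
  }
}

// Gateway step for option 2: every upstream request carries the external origin.
// A request that already names a different origin is rejected (null) instead of
// being rewritten, so the gateway does not vouch for origins it does not serve.
function buildUpstreamHeaders(incoming) {
  const headers = {};
  for (const [name, value] of Object.entries(incoming)) {
    headers[name.toLowerCase()] = value;
  }
  if ("origin" in headers && normalizeOrigin(headers.origin) !== EXTERNAL_ORIGIN) {
    return null;
  }
  headers.origin = EXTERNAL_ORIGIN;
  return headers;
}

function demo() {
  const store = new DeviceStore();
  const user = "user-1", tag = "tag-1"; // constructed sample values
  store.register(user, tag, { origin: EXTERNAL_ORIGIN });
  return {
    unfixed: store.nextFlow(user, tag, { origin: INTERNAL_ORIGIN }),
    fixed: store.nextFlow(user, tag, buildUpstreamHeaders({ "Content-Type": "application/json" })),
    foreign: buildUpstreamHeaders({ Origin: "https://other.example" }),
  };
}

console.log(demo());
```

Rejecting a mismatched incoming origin, rather than overwriting it, keeps the CORS allow-list on the AuthHub side meaningful for browser traffic that passes through the same gateway.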
33508933