VIPAuthHub: user is redirected to the registration flow even though the user was recently registered

Article ID: 271092

Products

VIP Authentication Hub

Issue/Introduction

After upgrading to VIP AuthHub version 2.1.2.1030, the following issue is seen:

1. A user is successfully registered with FIDO credentials.

2. After registration, when the user name is entered in the app, the flow is redirected to the registration flow instead of the login flow.

Environment

Release: VIP AuthHub Version 2.1.2.1030.

Cause

The Kibana logs show messages such as:

Device with tag:[***a8a] is registered for user:[4b5d08dd-xxxx-xxxx-xxxx-xxxxxxxxxx13]

Authentication passed and remember device set.

There are also API messages for CORS domain matching.

Resolution

The current data flow design uses an API gateway to proxy everything to AuthHub.

External API calls to the API gateway are on the .domain1.com domain.

The API gateway routes requests to AuthHub internally on .domain2.com.

When the device was registered, the request came from .domain1.com, but when a user authentication request comes in, it comes from .domain2.com, so the domains do not match and are not recognized.

The AuthHub container is already configured to allow CORS requests from the .domain1.com domain, but all subsequent API requests must also come from an allowed domain. This can be ensured in either of two ways:

1. Add the header below directly in the mobile app during an auth request.

pass: newHeaders ["origin"]= https://api.domain1.com 

2. Add an "origin" header in the API gateway configuration, so that all requests carry a header such as ["origin"]= https://api.domain1.com

Note: the actual API gateway configuration will use a different syntax from the above.
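The mismatch and both fixes can be reproduced with a small model of the gateway hop. This is an added example, not Broadcom or AuthHub code: the suffix check is an illustrative stand-in for AuthHub's CORS matching, the internal host name is hypothetical, and the gateway behaviour (pass through a client Origin, otherwise present the internal domain) is an assumption based on the description above.

```python
from urllib.parse import urlsplit

# Assumed values: the article's placeholder domains. The suffix comparison is
# an illustrative stand-in, not AuthHub's actual CORS matching logic.
ALLOWED_SUFFIX = ".domain1.com"
PUBLIC_ORIGIN = "https://api.domain1.com"
INTERNAL_ORIGIN = "https://authhub.domain2.com"  # hypothetical internal host

def get_origin(headers):
    """Case-insensitive lookup of the Origin header; None if absent."""
    for name, value in headers.items():
        if name.lower() == "origin":
            return value
    return None

def origin_allowed(headers):
    """True only for an https origin whose host is under the allowed suffix."""
    origin = get_origin(headers)
    if origin is None:
        return False
    parts = urlsplit(origin)
    return parts.scheme == "https" and (parts.hostname or "").endswith(ALLOWED_SUFFIX)

def gateway_forward(headers, pin_origin):
    """Headers AuthHub receives after the gateway hop (modelled, see lead-in)."""
    if pin_origin:
        # Option 2: the gateway replaces any Origin with the public one.
        forwarded = {k: v for k, v in headers.items() if k.lower() != "origin"}
        forwarded["Origin"] = PUBLIC_ORIGIN
        return forwarded
    forwarded = dict(headers)
    if get_origin(headers) is None:
        # No client Origin: the request appears to come from the internal domain.
        forwarded["Origin"] = INTERNAL_ORIGIN
    return forwarded

def mismatched_flows(requests, pin_origin):
    """Flows whose forwarded Origin would not match the allowed domain."""
    return [r["flow"] for r in requests
            if not origin_allowed(gateway_forward(r["headers"], pin_origin))]

# Constructed sample requests, as sent by the mobile app to the gateway.
SAMPLE = [
    {"flow": "register", "headers": {"Origin": "https://api.domain1.com"}},
    {"flow": "authenticate", "headers": {"Content-Type": "application/json"}},
]

if __name__ == "__main__":
    print("gateway unchanged:", mismatched_flows(SAMPLE, pin_origin=False))
    print("gateway sets origin:", mismatched_flows(SAMPLE, pin_origin=True))
```

Running the same check against real gateway-to-AuthHub request captures shows which flows arrive without the expected origin before either option is rolled out.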

Additional Information

33508933