mdial89f
commented
2 years ago Hey @leslie-corbalt These changes appear to break the Profile functionality that exists.
- Signup/login using cognito to the deployed env for this PR https://d6qq3huwa1tam.cloudfront.net/
- Once logged in, click My Account in the top right, then Profile
- Punch in a phone number and click Save
- The permissions to make the update aren't available.
I'd like to retain this functionality if possible, as it nods to how a user might manage some of their attributes on that they should be allowed to update. Is there a way for your changes to be made, but continue to allow this?
leslie-corbalt
codeclimate[bot]
Purpose
Linked Issues to Close
https://jiraent.cms.gov/browse/CMCSMACD-531 https://jiraent.cms.gov/browse/CMCSMACD-544 https://jiraent.cms.gov/browse/CMCSMACD-545
Approach
Add code to integrate with Okta OIDC Add parameters to enable Okta SAML and Okta OIDC Verify integration with both Okta types Handle case where both Okta types are provisioned -- use Okta OIDC and not Okta SAML, since only 1 Okta IdP can be enabled
Tested: When Okta SAML is configured and OIDC is not, user can log into Cognito or SAML When Okta OIDC is configured and SAML is not, user can log into Cognito or OIDC When Okta OIDC and SAML are configured, OIDC and Cognito are enabled (SAML is not) and user can log into OIDC or Cognito When neither Okta SAML or OIDC is configured, user can log into Cognito Verified that user Profile displays phone number stored in Cognito user pool. Verified that user can update phone number in Profile and it is stored in Cognito user pool.
Learning
Even though serverless docs say it is possible for serverless.yml to reference a secret in secretsmanager using
ssm:syntax, this is not possible due to permissions restrictions on the cloudtamer role. The cloudtamer role cannot access a secret with prefix/aws/reference/secretsmanager/which is required to get a secret via ssm.Pull Request Creator Checklist
Pull Request Reviewer/Assignee Checklist