LD4P / sinopia_server

[Deprecated - switching to MongoDB] Sinopia Back-end CRUD Service. LDP-inspired, HTTP Server taking JSON-LD resources & administrative metadata.
Apache License 2.0

Setting up AWS Cognito #25

Closed jermnelson closed 5 years ago

jermnelson commented 5 years ago

Set up a running Cognito instance for experimentation using Terraform.

atz commented 5 years ago

There are 8 different Cognito components and usage can get reasonably complex, including lambdas, email verification templates, etc. For example, see the diagram from one 3rd party module here.

I do not have a strong understanding of our expected use cases here, other than "store basic user account", "allow authentication", and "provide token". So I don't know how much of the other stuff is in play:

Basically, I could use a better description of what kind of flow we want to support.

jermnelson commented 5 years ago

From what I recall from discussions last summer/fall, we would allow user signup who would then need to be manually approved by @michelleif, at least for the MVP. This scenario is not scalable so giving Michelle options about what use cases Cognito can support and then letting her decide or take the options to the user group for their consideration should help us to decide what components we need for this work-cycle.

atz commented 5 years ago

The default configurable social sign-ins are Amazon, Facebook and Google. Any other social link requires extra infrastructure (for us to build/maintain), so should be a deliberate commitment, not just a preference.

My understanding is that we will be using the auth token between our front end and our server, as described in "Access Your Server-side Resources with a User Pool".

IF we want to allow a user who is a member of multiple groups to select which group is "active" for a given operation, we will need to build that capability into the front end, and acquire the Cognito auth token as described here.

Otherwise, we should define our groups w/ appropriate precedence values, i.e., admin precedes PCC precedes institution precedes unaffiliated.
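
Added example, not part of the thread or the project's code: a server-side resolver covering both options in the comment above, a front-end-selected "active" group and the precedence fallback. It assumes the token's signature, issuer and expiry were already verified upstream; the group names and the `resolveActiveGroup` helper are hypothetical.

```javascript
// Hypothetical group names following the order given in the thread:
// admin precedes PCC precedes institution precedes unaffiliated.
// Lower index = higher precedence (Cognito also treats lower
// precedence values as higher priority).
const GROUP_PRECEDENCE = ['admin', 'pcc', 'institution', 'unaffiliated'];

/**
 * Decide which group a request acts as.
 * claims: payload of a Cognito token that was ALREADY verified
 *         (signature, issuer, expiry); that step is assumed, not shown.
 * requestedGroup: optional group chosen by the user in the front end.
 */
function resolveActiveGroup(claims, requestedGroup) {
  const raw = claims && claims['cognito:groups'];
  // The claim may be absent (for example, a user in no group).
  const groups = Array.isArray(raw)
    ? raw.filter((g) => typeof g === 'string')
    : [];

  if (requestedGroup !== undefined && requestedGroup !== null) {
    // A client-selected group is only a hint: honour it solely when the
    // verified token lists it, otherwise the request is rejected.
    if (!groups.includes(requestedGroup)) {
      return { ok: false, reason: 'requested group not in token' };
    }
    return { ok: true, group: requestedGroup, source: 'requested' };
  }

  // No explicit choice: take the highest-precedence known group and
  // ignore group names this server does not recognise.
  for (const name of GROUP_PRECEDENCE) {
    if (groups.includes(name)) {
      return { ok: true, group: name, source: 'precedence' };
    }
  }
  // Assumption: fall back to the least-privileged group.
  return { ok: true, group: 'unaffiliated', source: 'default' };
}

// Constructed sample claims (not taken from a real token).
const sampleClaims = { sub: 'example-user', 'cognito:groups': ['institution', 'pcc'] };
console.log(resolveActiveGroup(sampleClaims));
console.log(resolveActiveGroup(sampleClaims, 'admin'));
```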

jermnelson commented 5 years ago

Closed, AWS setup is in Terraform.