Closed jermnelson closed 5 years ago
There are 8 different Cognito components and usage can get reasonably complex, including lambdas, email verification templates, etc. For example, see the diagram from one 3rd party module here.
I do not have a strong understanding of our expected use cases here, other than "store basic user account", "allow authentication", and "provide token". So I don't know how much of the other stuff is in play:
Basically, I could use a better description of what kind of flow we want to support.
From what I recall from discussions last summer/fall, we would allow user signup who would then need to manually approved by @michelleif , at least for the MVP. This scenario is not scalable so giving Michelle options about what use cases Cognito can support and then let her decide or take the options to the user group for their consideration should help us to decide what components we need for this work-cycle.
The default configurable social sign-ins are Amazon, Facebook and Google. Any other social link requires extra infrastructure (for us to build/maintain), so should be a deliberate commitment, not just a preference.
My understanding is that we will be using the auth token between our front end and our server, as described in "Access Your Server-side Resources with a User Pool".
IF we want to allow a user who is a member of multiple groups to select which group is "active" for given operation, we will need to build that capability into the front end, and acquire the cognito auth token as described here.
Otherwise, we should define our groups w/ appropriate precedence
values. I.E., admin precedes PCC precedes institution precedes unaffiliated.
Closed, AWS setup is in Terraform.
Setup a running Cognito instance for experimentation using Terraform.