search

NASA-IMPACT / veda-auth

Authentication service for the VEDA system
Other
0 stars 1 forks source link

Publish VEDA auth cognito client to PyPI #8

Closed anayeaye closed 1 year ago

anayeaye commented 2 years ago

What

VEDA notebook users and data managers should be able to install cognito client for password authentication

abarciauskas-bgse commented 2 years ago

I started creating this package (https://github.com/developmentseed/cognito_client) and pushed it to testpypi.org following these instructions: https://realpython.com/pypi-publish-python-package/ and also making some use of the patterns in morecantile. I just want to finish testing + documenting it (and have someone else test it) before calling this complete.

abarciauskas-bgse commented 2 years ago

@anayeaye @j08lue I created https://github.com/developmentseed/cognito_client - could either of you test it or find someone else to test it? Perhaps even Alexey? Note it does depend on user having access to Cognito Identity pool, user pool and client IDs

j08lue commented 2 years ago

Looks great, @abarciauskas-bgse! Neat interface, nice docs and examples. 😍

I do not have the credentials yet to test this. Will try to get some and test.

A few questions to be able to forward this to our users:

  1. Which of our user processes are intended to be authorized with the Cognito identity?

    1. Upload of data into veda-data-store-staging?
    2. What else?

  2. Are these statements correct?

    1. Without this client, a user would need to authorize these processes with their AWS role (from IAM). We do not want to have to give all users AWS identities, but use Cognito for auth to our services.
    2. What a user with an AWS identity gets from using this client: They do not need to store their AWS credentials in the environment they are accessing the resources from.
    3. What a user with just a Cognito account gets from this client: Convenience in generating temporary AWS credentials from their Cognito ID to use with boto3 etc.
j08lue commented 2 years ago

Ping @amarouane-ABDELHAK for demo of his CSDA solution

j08lue commented 1 year ago

I verified that the client can be downloaded and it looks good. Any changes to docs or code go in new tickets.

anayeaye commented 1 year ago

I just got to testing this today but I was able to obtain what appear to be working AWS credentials and session tokens for the veda-auth veda-data-managers groups in both UAH and MCP stacks after pip installing this cognito_client!