Description
Cognito-based CDK auth stack.
Main parts of our Cognito resources are:
UserPool - just as it sounds, defines a pool of users allowed to authenticate with our resources
IdentityProvider - provides an integration with Azure AD, so that all ScottLogic users can gain access to the application
UserPoolClient - determines how the userpool will be accessed, including the auth flow to use, any identity provider(s) to integrate with, and other stuff such as token lifetimes
Prerequisite for #807 and #808
Concerns
I am adding this stack to the CDK app, even though it contains some commented-out code and the stack isn't even being deployed currently, because it was looking a touch tricky to extract it. I will shortly come to the auth stuff anyway, once the Route 53 domain-based stack is added.
Checklist
Have you done the following?