amazon-connect / amazon-connect-streams

Amazon Connect Streams - a browser-based contact center integration API, typically with CRM systems.
https://docs.aws.amazon.com/connect/latest/userguide/
Apache License 2.0

Best practice to use CCP authentication (token) for other APIs #636

Closed maddoxd closed 1 year ago

maddoxd commented 1 year ago

Writing a complex custom softphone based on streams will in many cases involve calling other APIs for config etc., not just using the connect client-side JavaScript methods/subscriptions.

Are there any recommendations for the best way to leverage the CCP authentication to authenticate to other AWS services, i.e. to an AWS API GW? If we could get access to the Connect Session token in the front-end and somehow pass & validate that at the back-end this would seem to work, but it's unclear if this is actually possible. I see in CloudTrail the Amazon Connect Service assuming the service-account role, with temp credentials - ASIA..... etc, but can't see a way to tie that to an individual Connect/Streams authenticated user.

Any advice? Thanks

thtliife commented 1 year ago

Some advice from AWS on this would be amazing... Imagine a world where we don't have to have users authenticate to multiple services to use a single app! :)

jagadeeshaby commented 1 year ago

This isn't something the Amazon Connect Streams library supports today, but I'll make sure to track this as a feature request, and update this when we know more.

The closest I could recommend is to make use of AWS Amplify to interact with other AWS REST/GraphQL services - https://docs.amplify.aws/lib/restapi/getting-started/q/platform/js/

hxgnZO commented 1 year ago

Definitely agree this would be a nice feature to add, especially if there was some sort of better grouping/pooling based on call center/helpdesk roles/positions. Worth noting that the auth happens through usual AWS resources and services, so you can create something very similar, where you authenticate through whichever identity provider allows your Connect application to work. You would log in the same way, essentially, and be provided a token/configured role/identity, can use SSO identity providers etc. It's a deep hole I'm exploring, but look into Cognito and Identity Center (not IAM, the formerly SSO one). The thing I wish I could do with this setup is reuse the hosted client connection to access specific resources without giving someone console access, or building a bunch of API/Lambdas. Really really need something like the CCP for other services - a sort of mini, customizable based on roles/attribute console. It's all doable but takes pretty intense resources if you're just getting into it. If it isn't your team, talk to whoever set up your Connect sign-on/SSO config; if you're not using an outside IDP, even easier because you can set up your groups within AWS and assign roles for certain tasks/SDK commands etc.

bml1g12 commented 1 year ago

> This isn't something the Amazon Connect Streams library supports today, but I'll make sure to track this as a feature request, and update this when we know more.
>
> The closest I could recommend is to make use of AWS Amplify to interact with other AWS REST/GraphQL services - https://docs.amplify.aws/lib/restapi/getting-started/q/platform/js/

@jagadeeshaby I see, thank you. It's a shame there's no official route here, but please could you clarify how we could authenticate with AWS Amplify after logging into AWS Connect's CCP via SAML?

I'd be interested to hear anyone's solutions for this issue of how to authenticate with other APIs from the CCP using the CCP authentication.