Open fdietze opened 3 years ago
Here is the CDK code that @maxpschonder helped me set up:
// App client for end users; the redirect target is the per-environment
// enduser site, used for both sign-in callback and sign-out.
const enduserAppUrl = `https://enduser.${props.environment}.your-domain.xyz/`;

const enduserClient = pool.addClient('enduser-pool-client', {
  // No client secret is generated (presumably because the app runs in the
  // browser and could not keep one confidential — confirm).
  generateSecret: false,

  // Have Cognito answer with generic authentication errors instead of
  // revealing whether a given username exists.
  preventUserExistenceErrors: true,

  // userSrp enables the SRP flow, in which the password itself is not
  // transmitted; userPassword enables the flow in which the app sends the
  // password to Cognito directly.
  // NOTE(review): with both enabled the client may use either flow. If the
  // front end only signs in via SRP, consider turning userPassword off.
  authFlows: {
    userSrp: true,
    userPassword: true,
  },

  // ID and access tokens live for one day, refresh tokens for 180 days.
  // NOTE(review): these are bearer tokens; a shorter access-token lifetime
  // narrows the window in which a leaked token stays usable. Confirm that
  // one day / 180 days is intended.
  idTokenValidity: cdk.Duration.days(1),
  accessTokenValidity: cdk.Duration.days(1),
  refreshTokenValidity: cdk.Duration.days(180),

  // The client may read only these three standard attributes.
  readAttributes: new cognito.ClientAttributes().withStandardAttributes({
    fullname: true,
    email: true,
    preferredUsername: true,
  }),

  // NOTE(review): no `flows` is given, so CDK's defaults apply. As far as I
  // know those defaults include the implicit grant — confirm, and pin
  // `flows` explicitly (authorization code only) if that is not wanted.
  oAuth: {
    callbackUrls: [enduserAppUrl],
    logoutUrls: [enduserAppUrl],
    scopes: [
      cognito.OAuthScope.EMAIL,
      cognito.OAuthScope.OPENID,
      cognito.OAuthScope.PROFILE,
      // COGNITO_ADMIN is the aws.cognito.signin.user.admin scope: access
      // tokens carrying it can call the signed-in user's own user-pool APIs
      // (for example to change attributes).
      // NOTE(review): keep it only if the app actually needs those calls.
      cognito.OAuthScope.COGNITO_ADMIN,
    ],
  },
});
// App client for local development. It is registered on the same `pool` as
// the end-user client, so it authenticates against the same user directory.
// NOTE(review): if this stack is also deployed for production, consider
// creating this client only in development environments, so the production
// pool does not carry a localhost redirect target and password-based flows.
const devAppUrl = 'http://localhost:9000/';

const devClient = pool.addClient('enduser-pool-dev-client', {
  // No client secret is generated for this client.
  generateSecret: false,

  // Have Cognito answer with generic authentication errors instead of
  // revealing whether a given username exists.
  preventUserExistenceErrors: true,

  // userPassword enables the flow in which the app sends the password to
  // Cognito directly; adminUserPassword enables the server-side variant,
  // which is invoked with AWS credentials.
  // NOTE(review): SRP is not enabled here, so every sign-in through this
  // client transmits the password itself. Confirm adminUserPassword is
  // needed for the development workflow.
  authFlows: {
    adminUserPassword: true,
    userPassword: true,
  },

  // ID and access tokens live for one day, refresh tokens for 30 days.
  idTokenValidity: cdk.Duration.days(1),
  accessTokenValidity: cdk.Duration.days(1),
  refreshTokenValidity: cdk.Duration.days(30),

  // The client may read only these three standard attributes.
  readAttributes: new cognito.ClientAttributes().withStandardAttributes({
    fullname: true,
    email: true,
    preferredUsername: true,
  }),

  // Plain-http localhost redirect for a locally running front end.
  // NOTE(review): no `flows` is given, so CDK's defaults apply. As far as I
  // know those defaults include the implicit grant — confirm, and pin
  // `flows` explicitly if that is not wanted.
  oAuth: {
    callbackUrls: [devAppUrl],
    logoutUrls: [devAppUrl],
    scopes: [
      cognito.OAuthScope.EMAIL,
      cognito.OAuthScope.OPENID,
      cognito.OAuthScope.PROFILE,
      // COGNITO_ADMIN is the aws.cognito.signin.user.admin scope: access
      // tokens carrying it can call the signed-in user's own user-pool APIs.
      // NOTE(review): keep it only if the app actually needs those calls.
      cognito.OAuthScope.COGNITO_ADMIN,
    ],
  },
});
@maxpschonder