Technical Debt (security): Implement client_secret in login

[fyliu]

Dependency

• 241

Overview

For #241, we decided to disable a security feature of OAuth2 authentication in order to get backend login to a working state. It should be implemented correctly in order to protect the backend against that class of attacks.

Action Items

• [ ] create an app client in the cognito user pool that contains client_secret
• [ ] implement a solution in PD that can successful authenticate against cognito using the client_secret value

Resources/Instructions

• what is the purpose of client_secret?

[fyliu]

Marking as draft because the issue that causes this is not complete.