laardee / serverless-authentication-boilerplate

Generic authentication boilerplate for Serverless framework
http://laardee.github.io/serverless-authentication-gh-pages
MIT License

When will Cognito User Pools be supported #8

Closed SteveALee closed 7 years ago

SteveALee commented 8 years ago

When requesting a new feature or enhancement, please be sure to include the following:

I'm very new to AWS and serverless but know I want to use serverless for the lambda part of my backend. My app, Brian is for older people who will not have accounts so federated access is no good. I saw that I could manage my own auth but that is more than I wish to take on. Then I discovered the Beta/Preview User Pools which are perfect. Or will be once stable. I can add federation later.

I'm not clear on the road map for User Pools or how much churn there may yet be but I think they will be a great feature to extend the existing serverless support. It extends the options for authentication.

Way beyond me but I guess it needs core support and then adding to the boilerplate

laardee commented 8 years ago

I've only briefly looked at the Cognito User Pools documentation, but I think it is something that could be implemented. I'll try to evaluate the User Pools more carefully soon.

SteveALee commented 8 years ago

You have to create a 'federated' pool and link it to the user pool. That seems pretty obvious now but the names threw me. Apparently the docs are being improved.

The client sdk is here https://github.com/aws/amazon-cognito-identity-js , again confusing names.

Note you either need to set unauth user access or

AWSCognito.config.update({accessKeyId: 'dummy', secretAccessKey: 'dummy'})

I'll create a PR for that

mikeghen commented 8 years ago

:+1: This is also something I have been looking into. I'm attempting to move LambdAuth to Serverless. I don't think that repository is taking advantage of the beta features Cognito recently added though.

mikedizon commented 8 years ago

@mikeghen how far have you gotten with LambdaAuth? I've been looking at that too.

mikeghen commented 8 years ago

@mikedizon: I've ported some of the functions to a serverless project and I put the code in this repo: https://github.com/mikeghen/auth-lite.

I've gotten far enough to realize that the LambdaAuth project actually doesn't use Cognito User Pools. My guess is that it was created before User Pools was available. I've been reviewing the AWS Nodejs API documentation for AWS.CognitoIdentityServiceProvider.

My plan is to use some of the functions from LambdaAuth in my auth-lite project and integrate Cognito using AWS.CognitoIdentityServiceProvider as much as possible. I'd like to lean on AWS Cognito as much as possible. I found this as an example code snippet: http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html.

Where are you at @mikedizon?

mikedizon commented 8 years ago

@mikeghen I literally just began exploring now. I'm surprised that no one's implemented a method that uses cognito!

mikedizon commented 8 years ago

@mikeghen seems that the create-user-pool command referenced in the (beta) docs doesn't yet exist.

http://docs.aws.amazon.com/cognito/latest/developerguide/setting-up-cognito-user-identity-pools.html

Is that right? Or am I doing something wrong? I'm running the latest dev version of awscli.

laardee commented 8 years ago

@mikedizon it doesn't throw errors with aws-cli 1.10.24

$ aws cognito-identity create-identity-pool --identity-pool-name testpool --no-allow-unauthenticated-identities
{
    "IdentityPoolId": "us-east-1:1d749cdf-4919-4918-9d9f-a77cb01fdf02", 
    "AllowUnauthenticatedIdentities": false, 
    "IdentityPoolName": "testpool"
}

but it's not visible in aws console...

I can also delete it

$ aws cognito-identity delete-identity-pool --identity-pool-id us-east-1:1d749cdf-4919-4918-9d9f-a77cb01fdf02

and if I try to delete it again it throws error

A client error (ResourceNotFoundException) occurred when calling the DeleteIdentityPool operation: IdentityPool 'us-east-1:1d749cdf-4919-4918-9d9f-a77cb01fdf02' not found.

prem911 commented 7 years ago

@mikedizon I started looking at Cognito Javascript APIs for NodeJS but got stuck at User Authentication. There is a dependency on jsbn and sjcl which for some reason is making a browser call instead of a server call. I was looking at options of moving all the calls to Lambda to bypass these issues. So, yes waiting for some samples which could demonstrate all the Cognito User Pool APIs on nodejs + lambda.

mikedizon commented 7 years ago

@prem911 surprised this issue is still open! :|

joshuar500 commented 7 years ago

Looks like the docs can help with this. There is sample code too.

http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html

laardee commented 7 years ago

I'll close this one and let's continue the conversation in this issue https://github.com/laardee/serverless-authentication-boilerplate/issues/30