lealceldeiro / org.wcdevs.blog.front

Holds the `org.wcdevs.blog.front` application
https://wcdevs.org
Apache License 2.0

Investigate how to integrate the front-end client with AWS cognito #5

Open lealceldeiro opened 2 years ago

lealceldeiro commented 2 years ago

Investigate how to integrate (and tentatively do the actual integration) the front-end client with AWS Cognito (sign-in/sign-up flow).

lealceldeiro commented 2 years ago

@YuryDG this is top priority now front-end wise.

lealceldeiro commented 2 years ago

@YuryDG , this looks interesting https://github.com/maxmantz/redux-oidc

lealceldeiro commented 2 years ago

Here, this field with value response_type: "token" allowed the integration OK, but then there was an error in the response, "unexpected field token_id" or something like that.

With value response_type: "id_token token" as it is now, the integration is failing with Cognito, we need to investigate further if it's just a matter of tweaking the handling in the response or if the arguments provided in the request need to be changed.

In the end, if we use a different library or component to do the integration, react-cognito, this may not be needed after all. And the config is different; what's important is the following:

The authority url is as follows: https://cognito-idp.<region>.amazonaws.com/<user_pool_id>/ -- we need to allow receiving region and user_pool_id as arguments, maybe as environment variables.

And the url https://cognito-idp.<region>.amazonaws.com/<user_pool_id>/.well-known/openid-configuration contains all the info we need.

Also, we must allow receiving the client id/secret as variables.

For now, develop contains a PoC, so we can move in that direction.

lealceldeiro commented 2 years ago

Integration PoC was successful after 84e796a99e9a4224f0e4906301b55ee710509567 was done in develop.

More info on how to tweak this implementation in future can be found at:

https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/

lealceldeiro commented 2 years ago

@YuryDG , when I did this PoC I used the Implicit Grant flow. For our use case we should use the Authorization Grant flow, hence I'm reopening the issue.

Some useful reading may be https://medium.com/codefully-io/authentication-with-aws-cognito-react-and-express-b3acf17d37e6

lealceldeiro commented 2 years ago

@YuryDG is this ticket still in progress? Can you update its status if needed?

YuryDG commented 2 years ago

I think this is almost done, I'll update after making some tests.