mblackgeo / flask-cognito-lib

A Flask extension that supports protecting routes with AWS Cognito following OAuth 2.1 best practices
https://mblackgeo.github.io/flask-cognito-lib/
MIT License

feat: Support multiple additional clients token validation #24

Closed alegoru closed 9 months ago

alegoru commented 1 year ago

[Image: multi-client flask api drawio]

Add a new config attribute called "ADDITIONAL_AWS_COGNITO_USER_POOL_CLIENT_IDS".

This is a list of client IDs that enables the Flask app to validate multiple clients of the same AWS Cognito user pool. This is important in multi-client, single-backend architectures, for instance mobile, web, and desktop applications using the same Flask application as their backend.

The test user pool information was updated because a new access token and ID token were needed from a different client of the same user pool as the principal access token and ID token of the tests. The testing parameters can be restored to their previous values if an additional access token and ID token are created with another client of the previous user pool.
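The client check that a multi-client allowlist implies, as an added example that is not code from this pull request or from flask-cognito-lib. It assumes the token signature has already been verified against the pool's JWKS; the function names, pool ID and client IDs are constructed for illustration.

```python
import time

# Constructed sample configuration (not values from the project or its tests).
REGION = "eu-west-1"
USER_POOL_ID = "eu-west-1_EXAMPLE"
PRIMARY_CLIENT_ID = "web-client-id"
ADDITIONAL_CLIENT_IDS = ["mobile-client-id", "desktop-client-id"]

# Cognito user pool tokens carry the pool URL as the issuer.
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


class ClaimError(Exception):
    """Raised when a verified token's claims are not acceptable."""


def allowed_client_ids(primary, additional=None):
    """Build the exact-match allowlist; empty entries never widen it."""
    return frozenset(c for c in [primary, *(additional or [])] if c)


def check_claims(claims, allowed, issuer=ISSUER, now=None):
    """Check claims of a token whose signature was ALREADY verified.

    Returns the matched client ID or raises ClaimError.
    """
    now = time.time() if now is None else now
    # Every accepted client must belong to the same user pool.
    if claims.get("iss") != issuer:
        raise ClaimError("issuer is not the configured user pool")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ClaimError("token expired or exp missing")
    # ID tokens name the app client in `aud`, access tokens in `client_id`.
    use = claims.get("token_use")
    if use == "id":
        client = claims.get("aud")
    elif use == "access":
        client = claims.get("client_id")
    else:
        raise ClaimError("unexpected token_use")
    # Require a single string; a list-valued audience is rejected outright.
    if not isinstance(client, str) or client not in allowed:
        raise ClaimError("client is not in the allowlist")
    return client
```

Pinning the issuer alongside the allowlist keeps a client ID from another user pool from being accepted just because it was added to the list.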

alegoru commented 1 year ago

It might be better if we retain the information from the original test user pool.

Could you please generate an access token and an ID token with a different client ID in the same user pool and with the same nonce as the original access token?

This way, I can restore the tests of this pull request to how they were and reduce the number of changes. I don't like altering so many lines of tests just for a few lines of functional code.

What are your thoughts?

codecov-commenter commented 12 months ago

Codecov Report

Merging #24 (492c8dd) into main (8babbfc) will not change coverage. The diff coverage is 100.00%.

@@            Coverage Diff            @@
##              main       #24   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            9         9           
  Lines          304       307    +3     
=========================================
+ Hits           304       307    +3     

| Files Changed | Coverage Δ |
|---|---|
| src/flask_cognito_lib/config.py | 100.00% <100.00%> (ø) |
| src/flask_cognito_lib/services/token_svc.py | 100.00% <100.00%> (ø) |

alegoru commented 12 months ago

I added test_verify_additional_id_token.

mblackgeo commented 11 months ago

Hey, thanks for the feature request, looks good.

I don't have access to a Cognito User Pool at the moment to generate any new tokens and I agree it's a lot here to change the token for the existing tests - could you look at implementing tests with mocks instead? e.g. see the tests added in #20 for an example