Closed tsibley closed 7 months ago
To clarify something just discussed with Victor: this could get merged and deployed without affecting current Nextstrain CLI clients. The main changes are a new nextstrain.org server endpoint and additional allowed OAuth flows for the CLI's client registration with Cognito. Both are used by work-in-progress Nextstrain CLI changes TKTK, but both are additive and not impacting the current CLI auth flow.
@victorlin @jameshadfield Thoughts on if I should just deploy https://github.com/nextstrain/nextstrain.org/pull/757/commits/1019326ebc378648e51ee54cf1c5024ab7460b85 with this branch? Or drop it and leave it for https://github.com/nextstrain/nextstrain.org/pull/719?
(I'm inclined to just deploy it since it's read-only and public data.)
Seems fine to me, it'll make the dev process easier.
Nextstrain CLI will start using OIDC/OAuth2's authorization code flow to interact with not just AWS Cognito but other IdPs as well (i.e. as used in other deployments of nextstrain.org).
To support this without hardcoding or onerous user-side configuration, Nextstrain CLI will start using the standard OIDC configuration endpoint, /.well-known/openid-configuration, to auto-discover necessary configuration about both the IdP to talk to and the client it should be.
Related-to: https://github.com/nextstrain/private/issues/94
Related CLI PR: TKTK
Checklist
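An added example, not code from this PR or from Nextstrain CLI: one way a client could sanity-check a configuration document discovered at /.well-known/openid-configuration before starting the authorization code flow. The function names, the particular checks and the sample document with its placeholder hostnames are assumptions; only standard OIDC discovery fields are used.

```python
import json
from urllib.parse import urlsplit

DISCOVERY_PATH = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


class DiscoveryError(ValueError):
    """Raised when a discovered configuration should not be trusted."""


def _require_https(name, value):
    # Reject anything that is not an absolute https URL, so a tampered or
    # misconfigured document cannot steer tokens over cleartext.
    parts = urlsplit(value) if isinstance(value, str) else None
    if not parts or parts.scheme != "https" or not parts.hostname:
        raise DiscoveryError(f"{name} must be an absolute https URL")
    if parts.username or parts.password or parts.fragment:
        raise DiscoveryError(f"{name} must not carry credentials or a fragment")
    return value


def discovery_url(origin):
    """Build the discovery URL for a remote, refusing non-HTTPS origins."""
    _require_https("origin", origin)
    return f"https://{urlsplit(origin).netloc}{DISCOVERY_PATH}"


def validate_discovery(raw):
    """Parse a discovery document and return only the fields that were checked."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise DiscoveryError("discovery document must be a JSON object")
    config = {"issuer": _require_https("issuer", doc.get("issuer"))}
    for key in ENDPOINT_KEYS:
        config[key] = _require_https(key, doc.get(key))
    if "code" not in (doc.get("response_types_supported") or []):
        raise DiscoveryError("IdP does not advertise the authorization code flow")
    return config


# Constructed sample document; idp.example is a placeholder, not a real IdP.
SAMPLE = json.dumps({
    "issuer": "https://idp.example/pool",
    "authorization_endpoint": "https://idp.example/oauth2/authorize",
    "token_endpoint": "https://idp.example/oauth2/token",
    "jwks_uri": "https://idp.example/pool/.well-known/jwks.json",
    "response_types_supported": ["code", "token"],
})
```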