search

rollthecloudinc / quell

Climate aware CMS breaking web apps free from carbon emissions.
https://demo.carbonfreed.app/pages/create-panel-page
GNU General Public License v3.0
14 stars 1 forks source link

Migrate to official sso domain #324

Open ng-druid opened 2 years ago

ng-druid commented 2 years ago

dev: https://sso.druidcloud.dev prod: https://sso.druidcloud.io

New Settings (dev)

{
      issuer: "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_z8PhK3D8V",
      authorization_endpoint: "https://sso.druidcloud.dev/oauth2/authorize",
      userinfo_endpoint: "https://sso.druidcloud.dev/oauth2/userInfo",
      end_session_endpoint: "https://sso.druidcloud.dev/logout",
      token_endpoint: "https://sso.druidcloud.dev/oauth2/token",
      jwks_uri: "https://sso.druidcloud.dev/us-east-1_z8PhK3D8V"
    }

Note: issuer remains unchanged Note: The authority also needs to changed at the root level of security settings.

Both dev and prod setup on aws using custom domains. Before users are allowed to login content restrictions need to be implemented.

The simplest form of this is when a user logins or creates a site. They should only be able to affect objects belonging to that site. They will also be able to invite other users. Considering a site is a GitHub repo perhaps it makes sense to piggyback on that invitation and access system. Although in some cases users should only be able to access objects and write through our api only nit actually modify source code if repos.