LucaCinquini
commented
1 year ago During a group meeting, it was decided that all clients should first obtain a JWT token from the Cognito IdP, and then pass that token to any service that requires authentication/authorization.
Possible ways to obtain a JWT token can be found here: https://github.com/unity-sds/unity-cs/wiki/Getting-Cognito-JWT-Tokens-in-Command-Line
For example, using the CURL client, a JWT token can be obtained as follows:
curl -X POST --data @"$PAYLOAD" -H 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' -H 'Content-Type: application/x-amz-json-1.1' https://cognito-idp.us-west-2.amazonaws.com/|jq
where the $PAYLOAD is a JSON file that contains te user credentials and the venue-specific client id:
cat $PAYLOAD:
{
"AuthParameters" : {
"USERNAME" : "
mike-gangl
Checked for duplicates No duplicates exist.
Alternatives considered Have system-wide credentials to access the U-DS services. This is what happens now using Luca's credentials.
Describe the feature request Currently, the stage-in and stage-out steps of the L1A and L1B jobs use Luca's specific credentials (stored in the venue SSM store) to access the DAPA services. The project or user specific credentials should be used instead.