ID tokens are given by the identity provider for the app to know information about the user who logged in (e.g. email, name).

Access tokens are issued by the identity provider to grant the app access to other APIs, which is the use case for anyone using this library.

More detailed explanation here: https://auth0.com/docs/tokens

Both ID and access tokens are currently accepted for cognito_auth_required.

Just to let you know, the homepage link on Pypi is broken. It points to: https://github.com/jetbridge/flask-cognito. Maybe you should also put a banner in the readme to point to Pypi?
Keep up the good work, cheers!

Hi am very new to flask. How can one use this library with the add_url_rule() method for authentication?

app.add_url_rule(
'/example', #the endpoint
view_func=GraphQLView.as_view( #setting the view function
'lta',
#we set the schema that we generate
schema=schema,
#we say that we do want to use graphqli interface
graphiql=True))

Hi,

Thank you for this helpful package.

I'm trying to integrate an API that wants to use the same endpoints as the web application does. Currently, with the auth required decorator, these methods expect a certain authentication header to be sent, and that to be valid with Cognito. Is there a way I can bypass the decorator by validating the API key instead of the authentication header?

Thanks

Hey, I came across flask_cognito and it seems like a really interesting and good project.

But, as a beginner, it is a bit complicated to understand how this package should be used.

For example: In the readme there is information about initialization with the following code:

@cogauth.identity_handler
def lookup_cognito_user(payload):
    """Look up user in our database from Cognito JWT payload."""
    return User.query.filter(User.cognito_username == payload['username']).one_or_none()

Here, it is really confusing and difficult to understand from where the User comes into play and also what the payload is. I am assuming it is a basic user model (as shown in this tutorial: https://realpython.com/token-based-authentication-with-flask/).

So, it would be great if you can update the readme to include kind of a step-by-step walkthrough.

If there is already an existing tutorial for this, could you please point me to it?

Thanks & Cheers!

Hello,
Thanks for the repo, it is indeed very useful!

Have you considered adding a license such as MIT?

It would allow the usage of the library in projects which need consent from the owners to use them.

I'm trying to use the cognito_group_permissions decorator but isn't working...

Traceback (most recent call last):
File "main.py", line 5, in
from flask_cognito import CognitoAuth, cognito_group_permissions
ImportError: cannot import name 'cognito_group_permissions' from 'flask_cognito' (C:\Users\Cairo\anaconda3\envs\salt\lib\site-packages\flask_cognito.py)

Hello!

Is there a flag or way to disable Authorization @cognito_auth_required globally during development? I don't want to remove all the decorators while testing on the postman.

Hi,
I am trying to Implement User Authentication in Flask using Amazon Cognito.
I am using python 3.9 and installed flask and flask-cognito

I'm encountering an issue while using flask_cognito in my Flask app. When running the app (python app.py), I'm getting the following ImportError:
ImportError: cannot import name '_request_ctx_stack' from 'flask' (/path/to/venv/lib/python3.9/site-packages/flask/init.py)

Any insights or solutions would be greatly appreciated.
Thank you!

Failed authentication attempts get logged at the Error level, with no way to configure it outside of disabling logging for the entire package.

Please provide a way to configure the Log Level for Auth issues, or set to Info level by default.

The rationale for this would be that an API Provider would not need to action a user entering their credentials incorrectly.

Lines affected:

• https://github.com/jetbridge/flask_cognito/blob/master/flask_cognito.py#L114
• https://github.com/jetbridge/flask_cognito/blob/master/flask_cognito.py#L191

To retain the exception details in the error, you can include it via exc_info:

log.info("Authentication Failed", exc_info=e)
log.info("Authentication Failed", exc_info=True)

Hi guys, I have a little question

if COGNITO_JWT_HEADER_PREFIX is optional i can set this in empty, but the code need to validate this,

in get_token we can to have something like this
if (len(parts) == 1): parts = ["", parts[0]]

before the validation

Thanks