This repository demonstrates how to implement the developer authenticated identities authflow (enhanced authflow) using Amazon Cognito.
- app
  - 'Developer Provider' (backend application implemented with Golang)
- client
  - Frontend application running on 'Device'
  - This application accesses a configuration hosted on AWS AppConfig using credentials obtained through the authflow.
- infra
  - Terraform scripts to build Amazon Cognito and AWS AppConfig resources
NOTE:
The following steps are omitted from the application in this repository for simplicity.
1. Login via Developer Provider (code outside of Amazon Cognito)
2. Validate the user login (code outside of Amazon Cognito)
The application starts the flow from step 3, GetOpenIdTokenForDeveloperIdentity.
Install the following beforehand.
- Terraform
- AWS CLI
  - Please make sure that credential information is properly configured.
- Golang
- nodejs
cd infra
cp secret.tfvars_sample secret.tfvars
Please edit secret.tfvars like the following:
aws_account_id = "<Input your aws account id>"
cognito_provider_name = "login.myapp.example.com"
terraform init
terraform plan -var-file="secret.tfvars"
terraform apply -var-file="secret.tfvars"
Terraform should output the identity pool ID. It is used when starting 'app'.
NOTE:
The configuration hosted on AWS AppConfig also has to be deployed. Please see Step 5: Deploying a configuration for detailed information.
cd app
export AWS_IDENTITY_POOL_ID= .... # the identity pool ID output by Terraform
export AWS_LOGIN_PROVIDER=login.myapp.example.com # == 'cognito_provider_name' in secret.tfvars
export AWS_LOGIN_NAME=test_user
export AWS_TOKEN_DURATION_SECONDS=600
go run .
cd client
yarn start
You should see a webpage on localhost:3000 with a start button on it.
You can test the authflow by pushing the button!
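The two request bodies behind this flow, as an added example that is not code from this repository: the backend's GetOpenIdTokenForDeveloperIdentity call built from the environment variables above, and the GetCredentialsForIdentity call the device makes with the returned token. The function names `BackendRequest` and `DeviceRequest` are hypothetical, the validation limits are the ones in the Cognito Identity API reference, and nothing is sent to AWS.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"regexp"
	"strconv"
)

// Patterns and the duration range follow the Cognito Identity API reference.
var poolIDRe = regexp.MustCompile(`^[\w-]+:[0-9a-f-]+$`)
var providerRe = regexp.MustCompile(`^[\w._-]+$`)

// BackendRequest builds the GetOpenIdTokenForDeveloperIdentity body (step 3).
// It is signed with the backend's AWS credentials and is never sent by the device.
func BackendRequest(poolID, provider, user, duration string) ([]byte, error) {
	secs, err := strconv.Atoi(duration)
	if err != nil || secs < 1 || secs > 86400 {
		return nil, fmt.Errorf("token duration %q not in 1..86400 seconds", duration)
	}
	if !poolIDRe.MatchString(poolID) || !providerRe.MatchString(provider) || user == "" {
		return nil, fmt.Errorf("invalid identity pool ID, provider name, or user")
	}
	return json.Marshal(map[string]interface{}{
		"IdentityPoolId": poolID,
		"Logins":         map[string]string{provider: user},
		"TokenDuration":  secs,
	})
}

// DeviceRequest builds the GetCredentialsForIdentity body the device sends.
// The login key is the fixed Cognito name, not the developer provider name.
func DeviceRequest(identityID, token string) ([]byte, error) {
	return json.Marshal(map[string]interface{}{
		"IdentityId": identityID,
		"Logins":     map[string]string{"cognito-identity.amazonaws.com": token},
	})
}

func main() {
	body, err := BackendRequest(os.Getenv("AWS_IDENTITY_POOL_ID"), os.Getenv("AWS_LOGIN_PROVIDER"),
		os.Getenv("AWS_LOGIN_NAME"), os.Getenv("AWS_TOKEN_DURATION_SECONDS"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "config error:", err)
		os.Exit(1)
	}
	fmt.Println(string(body))
}
```

Run it with the same exported variables as 'app' to check them before starting the backend; a short AWS_TOKEN_DURATION_SECONDS such as 600 limits how long a leaked OpenID token can be exchanged for credentials.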