-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cognito client crendetials flow #1528
Conversation
Deploy PR Preview failed. |
export client_id=$(awslocal cognito-idp create-user-pool-client --user-pool-id $pool_id --client-name test-client --generate-secret | jq -rc ".UserPoolClient.ClientId") | ||
|
||
#Retrieve secret. | ||
export client_secret=$(awslocal cognito-idp describe-user-pool-client --user-pool-id $pool_id --client-id $client_id | jq -r '.UserPoolClient.ClientSecret') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Take into account that if the LocalStack user has setup LocalStack as a separate container to their system, they won't be able to get the variables exported here.
What we did was have a local.env file in which the variables were defined (e.g. user pool id). Then pass that to the LocalStack container in the Environment section. Then, in the app use that same local.env to have the same environment information in both containers.
When creating the pool and so on, it would be cool to remind people that you can setup the custom_id, instead of letting LocalStack generate it.
Co-authored-by: usl-cto <[email protected]>
if __name__ == "__main__": | ||
get_access_token_with_secret() | ||
``` | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that it would be better to have a sample code in which the Cognito client is created in the Python code, from which you could extract the client ID and secret, and then do the token request. The sh would only need to create the pool.
I say this because that may be a more common scenario, normally you would create as many apps as M2M users are in your system.
Co-authored-by: usl-cto <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should make a few more changes:
- Mention our internal endpoints that provide cognito endpoints within swagger.
- To follow the structure of previous code and the docs, change the Python script to JavaScript, or provide both versions with 2 tabs. (example)
- We can clear parts from the shell script:
- Remove duplicate how to create user pool.
- Remove duplicate how to add a client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for updating the docs. :) LGTM
Co-authored-by: MarcelStranak <[email protected]>
Co-authored-by: MarcelStranak <[email protected]>
Co-authored-by: MarcelStranak <[email protected]>
Co-authored-by: MarcelStranak <[email protected]>
Co-authored-by: MarcelStranak <[email protected]>
Co-authored-by: MarcelStranak <[email protected]>
Currently, the client credentials flow is not mentioned in our documentation. This PR adds a brief introduction and a sample on how to set it up.