Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cognito client crendetials flow #1528

Merged
merged 14 commits into from
Dec 12, 2024
Merged

Conversation

drauedo
Copy link
Contributor

@drauedo drauedo commented Oct 29, 2024

Currently, the client credentials flow is not mentioned in our documentation. This PR adds a brief introduction and a sample on how to set it up.

Copy link

github-actions bot commented Oct 29, 2024

Deploy PR Preview failed.

export client_id=$(awslocal cognito-idp create-user-pool-client --user-pool-id $pool_id --client-name test-client --generate-secret | jq -rc ".UserPoolClient.ClientId")

#Retrieve secret.
export client_secret=$(awslocal cognito-idp describe-user-pool-client --user-pool-id $pool_id --client-id $client_id | jq -r '.UserPoolClient.ClientSecret')
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Take into account that if the LocalStack user has setup LocalStack as a separate container to their system, they won't be able to get the variables exported here.

What we did was have a local.env file in which the variables were defined (e.g. user pool id). Then pass that to the LocalStack container in the Environment section. Then, in the app use that same local.env to have the same environment information in both containers.

When creating the pool and so on, it would be cool to remind people that you can setup the custom_id, instead of letting LocalStack generate it.

if __name__ == "__main__":
get_access_token_with_secret()
```

Copy link

@usl-cto usl-cto Oct 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that it would be better to have a sample code in which the Cognito client is created in the Python code, from which you could extract the client ID and secret, and then do the token request. The sh would only need to create the pool.

I say this because that may be a more common scenario, normally you would create as many apps as M2M users are in your system.

Copy link
Contributor

@MarcelStranak MarcelStranak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should make a few more changes:

  • Mention our internal endpoints that provide cognito endpoints within swagger.
  • To follow the structure of previous code and the docs, change the Python script to JavaScript, or provide both versions with 2 tabs. (example)
  • We can clear parts from the shell script:

Copy link
Contributor

@MarcelStranak MarcelStranak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for updating the docs. :) LGTM

content/en/user-guide/aws/cognito/index.md Outdated Show resolved Hide resolved
content/en/user-guide/aws/cognito/index.md Outdated Show resolved Hide resolved
content/en/user-guide/aws/cognito/index.md Outdated Show resolved Hide resolved
content/en/user-guide/aws/cognito/index.md Outdated Show resolved Hide resolved
content/en/user-guide/aws/cognito/index.md Outdated Show resolved Hide resolved
content/en/user-guide/aws/cognito/index.md Outdated Show resolved Hide resolved
@giograno giograno merged commit 81af892 into main Dec 12, 2024
5 checks passed
@giograno giograno deleted the Cognito-Client-Crendetials-Flow branch December 12, 2024 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants