AWS Cognito Integration #1256
AWS Cognito Integration #1256
Conversation
Forfend
requested review from
maciejwalkowiak,
MatejNedic and
tomazfernandes
as code owners
maciejwalkowiak
added
type: feature
|
@MatejNedic anything you would like to add? |
|
@Forfend could you also add a sample application in |
|
@maciejwalkowiak yes, in progress |
|
Will take a deep look tomorrow on first glance I like it. Use case itself is valid, I like it good job @Forfend 👍 |
|
@Forfend apologies I wasn't specific enough. I meant more realistic example - how to use it with Spring Security for example. I will try to figure it out today myself. |
…er CognitoTemplate with tests. Support logout functionality
|
@maciejwalkowiak I added some real-world examples and their usage with Spring Security |
...onfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java
Outdated
Show resolved
Hide resolved
...s-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java
Outdated
Show resolved
Hide resolved
spring-cloud-aws-cognito/pom.xml
Outdated
| <dependency> | ||
| <groupId>software.amazon.awssdk</groupId> | ||
| <artifactId>cognitoidentityprovider</artifactId> | ||
| <exclusions> |
There was a problem hiding this comment.
What is reason for Exclusions?
There was a problem hiding this comment.
@MatejNedic tbh there is no specific reason, just not to include additional dependencies. can be removed
|
Hi @MatejNedic, thanks for the review. I fixed all your comments |
| .clientId(clientId).challengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED).session(session) | ||
| .challengeResponses(Map.of(CognitoParameters.USERNAME_PARAM_NAME, username, | ||
| CognitoParameters.NEW_PASSWORD_PARAM_NAME, password, CognitoParameters.SECRET_HASH_PARAM_NAME, | ||
| CognitoUtils.calculateSecretHash(clientId, clientSecret, username))) |
There was a problem hiding this comment.
if clientSecret can be null, this may cause null pointer exception. Is clientSecret mean to be nullable?
There was a problem hiding this comment.
Yes, indeed. It might be null for public clients (by design, they don't have a clientSecret), and those clients mainly use SPA apps. However public clients might be configured to allow auth operations with server-side auth credentials flow. Will make these flows null-safe
|
Thanks @Forfend! We are not going to include it in next release as I need to spend a little more time with it and play. |
📢 Type of change
📜 Description
This PR provides the PoC of AWS Cognito Integration, as discussed with @maciejwalkowiak in #1246. The integration provides a higher level of abstraction over AWS Cognito user pool basic auth operations such as creating a user, logging in, and resetting a password.
💡 Motivation and Context
This feature provides basic (as of this version) integration with AWS Cognito and can be enhanced with future PRs.
💚 How did you test it?
Tested it with the help of an extra pet project. More unit & integration tests are coming in the next commits in the scope of this PR.
📝 Checklist
🔮 Next steps
This integration can be extended by adding functionality for creating and managing user pools, to be discussed...