Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cognito client crendetials flow #1528

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Cognito client crendetials flow #1528

wants to merge 5 commits into from

Conversation

drauedo
Copy link
Contributor

@drauedo drauedo commented Oct 29, 2024

Currently, the client credentials flow is not mentioned in our documentation. This PR adds a brief introduction and a sample on how to set it up.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 29, 2024
edited
Loading

🎊 PR Preview has been successfully built and deployed to https://localstack-docs-preview-pr-1528.surge.sh 🎊

usl-cto
usl-cto reviewed Oct 30, 2024
View reviewed changes
content/en/user-guide/aws/cognito/index.md
export client_id=$(awslocal cognito-idp create-user-pool-client --user-pool-id $pool_id --client-name test-client --generate-secret | jq -rc ".UserPoolClient.ClientId")

#Retrieve secret.
export client_secret=$(awslocal cognito-idp describe-user-pool-client --user-pool-id $pool_id --client-id $client_id | jq -r '.UserPoolClient.ClientSecret')
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Take into account that if the LocalStack user has setup LocalStack as a separate container to their system, they won't be able to get the variables exported here.

What we did was have a local.env file in which the variables were defined (e.g. user pool id). Then pass that to the LocalStack container in the Environment section. Then, in the app use that same local.env to have the same environment information in both containers.

When creating the pool and so on, it would be cool to remind people that you can setup the custom_id, instead of letting LocalStack generate it.

usl-cto
usl-cto reviewed Oct 30, 2024
View reviewed changes
content/en/user-guide/aws/cognito/index.md
if __name__ == "__main__":
get_access_token_with_secret()
```

Copy link

@usl-cto usl-cto Oct 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that it would be better to have a sample code in which the Cognito client is created in the Python code, from which you could extract the client ID and secret, and then do the token request. The sh would only need to create the pool.

I say this because that may be a more common scenario, normally you would create as many apps as M2M users are in your system.

MarcelStranak
MarcelStranak requested changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@MarcelStranak MarcelStranak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should make a few more changes:

  • Mention our internal endpoints that provide cognito endpoints within swagger.
  • To follow the structure of previous code and the docs, change the Python script to JavaScript, or provide both versions with 2 tabs. (example)
  • We can clear parts from the shell script:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@usl-cto usl-cto usl-cto left review comments

@MarcelStranak MarcelStranak MarcelStranak requested changes

@giograno giograno Awaiting requested review from giograno

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@drauedo @usl-cto @MarcelStranak