FAM Onboarding
FAM aims to be the central authentication/authorization hub for modernized Natural Resource Sector applications. It follows the OIDC (OpenID Connect) standard process and flow to secure the applications, and it will let business clients manage their own staff access (roles) in a highly secure and friendly way. Please visit the Wiki Home Page for more information.
FAM is built on AWS Cloud, and the heart of FAM is the highly secure and popular "Amazon Cognito", which supports the access control needs of forestry applications. Cognito follows the OIDC/OAuth2 standard protocols and supports rich integration. FAM is currently integrated with custom identity providers (IDIR and BCeID) and will later integrate with BC Services Card to provide access management capabilities for those users. Please visit Architecture for more details.
Use the FAM Onboarding Questionnaire to provide the required information.
Based on the information we get, we will create a new client in FAM for your project and send the client details to your contact person for all environments that are requested. The client details include the following configuration parameters:
```javascript
{
  aws_cognito_region: "this is fam cognito region",
  aws_user_pools_id: "this is the fam user pool id",
  aws_user_pools_web_client_id: "this is your client id",
  aws_mandatory_sign_in: "enable",
  oauth: {
    domain: "this is the cognito oauth domain",
    scope: ["openid"],
    redirectSignIn: "this is the login redirect url you give to us",
    redirectSignOut: "this is the logout chain url + the logout redirect url you give to us",
    responseType: "code",
  },
  federationTarget: "COGNITO_USER_POOLS",
};
```
Once you have your client details, you can configure your application to use the service for your application login. We suggest using the AWS Amplify library.
An example:
- Install the Amplify library in your Node.js project:
  ```shell
  npm install aws-amplify
  ```
- Configure the Amplify library where you want to use it, where `aws-exports` is the file that stores all the configuration parameters we send to you:
  ```javascript
  import { Amplify } from 'aws-amplify';
  import awsconfig from './aws-exports';
  Amplify.configure(awsconfig);
  ```
- Amplify methods (for more methods, please check its documentation):
  - Login:
    ```javascript
    import { Auth } from 'aws-amplify';
    Auth.federatedSignIn();
    ```
  - Logout:
    ```javascript
    Auth.signOut();
    ```
  - Get current user:
    ```javascript
    Auth.currentAuthenticatedUser();
    ```
  - Get tokens:
    ```javascript
    Auth.currentSession();
    ```
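The session returned by `Auth.currentSession()` carries the Cognito ID token (in Amplify's API, `session.getIdToken().getJwtToken()`). As an added example that is not FAM's or Amplify's own code, the helper below checks that such a token's claims match the client configuration above (issuer derived from region and user pool id, audience equal to the web client id, `token_use` of `id`, not expired) before the app relies on them for UI decisions. It assumes a constructed config and an unsigned sample token with placeholder values; the signature itself must still be verified by your backend against the user pool's JWKS.

```javascript
// Added example (not FAM or Amplify code). Client-side sanity checks on the
// claims of a Cognito ID token. These checks do NOT replace signature
// verification, which the backend API must perform against the user pool JWKS.

// Decode one base64url-encoded JWT segment into a JSON object.
function decodeJwtSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

// Cognito user pool tokens are issued by
// https://cognito-idp.<region>.amazonaws.com/<user pool id>
function expectedIssuer(awsconfig) {
  return `https://cognito-idp.${awsconfig.aws_cognito_region}.amazonaws.com/${awsconfig.aws_user_pools_id}`;
}

// Returns the list of problems found; an empty list means the claims are
// consistent with this client's aws-exports configuration.
function checkIdTokenClaims(idToken, awsconfig, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = idToken.split('.');
  if (parts.length !== 3) return ['token is not a three-part JWT'];
  const claims = decodeJwtSegment(parts[1]);
  const problems = [];
  if (claims.iss !== expectedIssuer(awsconfig)) problems.push('issuer does not match the FAM user pool');
  if (claims.aud !== awsconfig.aws_user_pools_web_client_id) problems.push('audience is not this client id');
  if (claims.token_use !== 'id') problems.push('token is not an ID token');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) problems.push('token has expired');
  return problems;
}

// Constructed sample config with placeholder values (not FAM's real settings).
const sampleConfig = {
  aws_cognito_region: 'xx-region-1',
  aws_user_pools_id: 'xx-region-1_EXAMPLE',
  aws_user_pools_web_client_id: 'example-client-id',
};

// Build a constructed, unsigned token for demonstration (dummy signature part).
function makeUnsignedToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.dummy-signature`;
}

const goodToken = makeUnsignedToken({
  iss: expectedIssuer(sampleConfig), aud: 'example-client-id', token_use: 'id', exp: 2000000000,
});
```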
- Get roles from our client and add them to our database?
- Assign a FAM admin role to someone from the client team?
- When a user just does a general login without authorization, will the token be different?