
Cognito client secrets - API client #174

Open
5 tasks
fyliu opened this issue Jul 21, 2023 · 6 comments
Labels
complexity: small All steps are laid out in detail so that someone new to the project can work on it dependency Issue has dependencies discussion feature: DR this issue contains info that should be written into/or update abDecision Record (DR) feature: infrastructure For changes on site technical architecture ready for dev lead research Issue involving doing research role: back end s: PD team stakeholder: People Depot Team size: 0.5pt Can be done in 3 hours or less

Comments

@fyliu
Member

fyliu commented Jul 21, 2023

Dependency

Overview

As discussed in #147, we need to implement app tokens in addition to user cognito tokens so we can restrict access to approved apps only. i.e. VRMS, website, CTJ.

Action Items

Resources/Instructions

@fyliu fyliu added role: back end size: 3pt Can be done in 13-18 hours research Issue involving doing research feature: infrastructure For changes on site technical architecture s: PD team stakeholder: People Depot Team feature: DR this issue contains info that should be written into/or update abDecision Record (DR) labels Jul 21, 2023
@fyliu fyliu added this to the v0.01 - initial setup milestone Jul 21, 2023
@fyliu

This comment was marked as outdated.

@fyliu fyliu added the help wanted Extra attention is needed label Jul 21, 2023
@ExperimentsInHonesty

This comment was marked as outdated.

This was referenced Aug 4, 2023
@fyliu fyliu removed the help wanted Extra attention is needed label Aug 4, 2023
@fyliu fyliu mentioned this issue Aug 11, 2023
4 tasks
@fyliu

This comment was marked as off-topic.

@ExperimentsInHonesty ExperimentsInHonesty added draft This issue is not fully-written ready for dev lead labels Feb 16, 2024
@fyliu
Member Author

fyliu commented May 26, 2024

Do we still want to have API keys?

API key is a little different than what we initially thought

  • It's less secure than OAuth and is used more as an identifier than a security measure. It's mainly for applications such as logging actions by clients. Like how is CTJ using the API? What is it calling the most? etc.
  • We can revoke the keys like we wanted
  • To make use of the API key, a client would need to have a backend component to hide the key from the user. It'd be relatively easy to extract the key from the frontend code since it's loaded into the user's browser for execution.
    • Do all the people-depot clients have a backend component? CTJ, Website, VRMS? They would just need a little bit of code to add the API key to each request.

Cognito already supports this for login

Do we want peopledepot API keys

  • it would be for accessing the data API
  • the data API already requires the cognito token that comes from logging in. So maybe it's enough that the cognito token uses API keys?
  • The packages djangorestframework-api-key and django-oauth-toolkit can create API keys if we need it

@fyliu fyliu assigned fyliu and unassigned fyliu May 26, 2024
@ExperimentsInHonesty
Member

We are going to use Cognito client secrets so that when a user logs into vrms or ctj (client systems), and the client system makes a request to authenticate that user and then show them data, we will know it's coming from a client system.

@shmonks shmonks changed the title Research add app token Cognito client secrets - API client Aug 1, 2024
@fyliu
Member Author

fyliu commented Aug 9, 2024

We already have a work issue #242 to integrate with cognito using a client secret. It looks like that issue's dependency #241 is closed and we need to point to the new issue @ethanstrominger made #323, if the PR for it has the same problem of working only with client secret disabled.

Putting this in the ice box until that PR is completed.

@fyliu fyliu added complexity: small All steps are laid out in detail so that someone new to the project can work on it size: 1pt Can be done in 4-6 hours size: 0.5pt Can be done in 3 hours or less and removed draft This issue is not fully-written complexity: missing size: 3pt Can be done in 13-18 hours size: 1pt Can be done in 4-6 hours labels Aug 9, 2024
@fyliu fyliu removed their assignment Aug 13, 2024
@shmonks shmonks added the dependency Issue has dependencies label Sep 20, 2024
Projects
Status: 🧊Ice Box
Development

No branches or pull requests

3 participants