AWS Cognito
Userpool Creation
The userpool is created in each environment, using AWS CDK. More information on this can be found in Cognito User Pool.
Once deployed, the userpool id and the app client id are needed for the Cognito integration to work correctly. These values are injected into the environment variables of the docker image deployed for the customer service, and the configuration reads them from there.
Userpool Clients
The userpool can have any number of application clients accessing it. On pool instantiation, we create one app client for use with the API. Currently this is the only client that can access the userpool; however, in future, we can create more and allow front end clients to go directly to the pool if needed.
Managers
We have a user manager and an admin manager, primarily because some functions cannot be undertaken by the authenticated user and require a higher level of authority.
User Manager Capabilities
Create User Account
Creates a user account using the self sign up Auth Flow
For the present, we auto confirm our users once they are created in the system. This may change in the future.
On the platform, the username can be either an email address or a telephone number. For each user we have privileged the email address, so in most cases the username will be that. However, some people do not have an email address, so in that case they will use their mobile number as a username.
Remove User Account
Login User
The authentication method will log in the user and return access and id tokens. If an auth challenge is returned from Cognito, the client will have to respond to it with the appropriate response parameters.
While we may implement features such as MFA and passwordless login at some later stage, we currently don't, so for the most part any challenge will be of the NEW_PASSWORD_REQUIRED type.
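The login flow above, together with the email-or-phone username rule, as an added example (not the project's own code). It assumes an app client configured for the USER_PASSWORD_AUTH flow without a client secret; the names `choose_username`, `login`, `Tokens`, `Challenge` and `FakeCognito` are illustrative. `login` takes a client object with the same `initiate_auth` / `respond_to_auth_challenge` method names and keyword arguments as boto3's `cognito-idp` client, so a real `boto3.client("cognito-idp", region_name=...)` can be passed in; the constructed `FakeCognito` stands in for it so the example runs offline.

```python
"""Cognito login with NEW_PASSWORD_REQUIRED handling (added example, not project code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: phone usernames are stored in E.164 form (+<country code><number>).
E164 = re.compile(r"^\+[1-9]\d{6,14}$")


def choose_username(email: Optional[str], phone: Optional[str]) -> str:
    """Prefer the email address; fall back to an E.164 phone number."""
    if email and "@" in email:
        return email.strip().lower()
    if phone and E164.match(phone):
        return phone
    raise ValueError("need an email address or E.164 phone number as username")


@dataclass
class Tokens:
    access_token: str
    id_token: str
    refresh_token: Optional[str]


@dataclass
class Challenge:
    """Returned when Cognito wants more input; the caller answers with Session + parameters."""
    name: str
    session: str
    parameters: dict


def login(client, client_id: str, username: str, password: str,
          new_password: Optional[str] = None):
    """Authenticate with USER_PASSWORD_AUTH (hypothetical helper).

    Returns Tokens on success. On NEW_PASSWORD_REQUIRED, completes the challenge
    if a new password was supplied, otherwise returns the Challenge. Any other
    challenge (MFA etc.) is handed back unanswered.
    """
    resp = client.initiate_auth(
        ClientId=client_id,
        AuthFlow="USER_PASSWORD_AUTH",
        AuthParameters={"USERNAME": username, "PASSWORD": password},
    )
    challenge = resp.get("ChallengeName")
    if challenge == "NEW_PASSWORD_REQUIRED" and new_password is not None:
        resp = client.respond_to_auth_challenge(
            ClientId=client_id,
            ChallengeName="NEW_PASSWORD_REQUIRED",
            Session=resp["Session"],  # one-time session token binding the challenge
            ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
        )
        challenge = resp.get("ChallengeName")
    if challenge:
        return Challenge(challenge, resp.get("Session", ""), resp.get("ChallengeParameters", {}))
    result = resp["AuthenticationResult"]
    # Tokens are bearer credentials: return them, never log them.
    return Tokens(result["AccessToken"], result["IdToken"], result.get("RefreshToken"))


class FakeCognito:
    """Constructed stand-in for boto3's cognito-idp client, for offline demonstration only."""

    def __init__(self, users):
        self.users = users        # username -> {"password": str, "force_change": bool}
        self.sessions = {}        # session token -> username

    def initiate_auth(self, ClientId, AuthFlow, AuthParameters):
        user = self.users.get(AuthParameters["USERNAME"])
        if not user or user["password"] != AuthParameters["PASSWORD"]:
            raise PermissionError("NotAuthorizedException: Incorrect username or password.")
        if user["force_change"]:
            session = "sess-%d" % (len(self.sessions) + 1)
            self.sessions[session] = AuthParameters["USERNAME"]
            return {"ChallengeName": "NEW_PASSWORD_REQUIRED", "Session": session,
                    "ChallengeParameters": {"requiredAttributes": "[]"}}
        return {"AuthenticationResult": self._tokens(AuthParameters["USERNAME"])}

    def respond_to_auth_challenge(self, ClientId, ChallengeName, Session, ChallengeResponses):
        if ChallengeName != "NEW_PASSWORD_REQUIRED":
            raise ValueError("unsupported challenge in fake: " + ChallengeName)
        username = self.sessions.pop(Session)  # KeyError for an unknown/replayed session
        self.users[username]["password"] = ChallengeResponses["NEW_PASSWORD"]
        self.users[username]["force_change"] = False
        return {"AuthenticationResult": self._tokens(username)}

    @staticmethod
    def _tokens(username):
        return {"AccessToken": "access." + username, "IdToken": "id." + username,
                "RefreshToken": "refresh." + username}


if __name__ == "__main__":
    client = FakeCognito({"alice@example.com": {"password": "Temp#2024", "force_change": True}})
    user = choose_username("Alice@Example.com", None)
    print(login(client, "app-client-id", user, "Temp#2024"))                     # Challenge
    print(login(client, "app-client-id", user, "Temp#2024", new_password="Str0ng!Pass"))  # Tokens
```

With a real client, replace `FakeCognito` by `boto3.client("cognito-idp", region_name=...)`; the `Session` value must be passed back unchanged and is single-use, which is why the caller gets the whole `Challenge` rather than just its name.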
Logout User
Assign User to group
Change password
Forgotten password
Get user info
Returns the currently logged in user's account/profile information
Admin Manager Capabilities
Create User Account
Disable User Account
Disables the user account in the userpool. When disabled, no