Add missing cognito oauth scope (#7450)

For some reason, the hosted UI for both email and password and SSO, as well as the `Auth.federatedSignIn({provider: 'Google'})` call, require the `aws.cognito.signin.user.admin` scope to be enabled to fetch and update user attributes. However, a call to `Auth.signIn(email, password)` does not. This is not well documented in AWS Cognito.

# Important Notes
`aws.cognito.signin.user.admin` gives you access to all Cognito User Pool APIs, which federatedSignIn with the Google provider uses to get `currentUserInfo()`, where we store the optional `organizationId`. It does not provide any admin-level access to other Cognito or AWS parts.
Paweł Buchowski 2023-08-01 17:50:16 +02:00 committed by GitHub
parent 7441a9a62c
commit 74551b3188
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
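The scope question in the commit message comes down to what the access token actually carries: Cognito puts the granted OAuth scopes in a space-separated `scope` claim of the access token (the ID token has no such claim), and the user-pool self-service calls behind `currentUserInfo()` are made with that access token. The following is an added example, not code from the commit or the project, that decodes an access token's payload and checks for `aws.cognito.signin.user.admin` before a code path that needs the user-pool APIs is taken. The sample tokens are constructed and unsigned; the `sub` and `client_id` values in them are placeholders, and the "before"/"after" scope lists mirror the two sides of the diff below.

```typescript
// Added example, not part of the commit or the project: preflight check that an
// access token from the hosted UI / federatedSignIn flow carries the scope the
// user-pool self-service APIs (GetUser, UpdateUserAttributes, ...) require.
// Assumption: Cognito access tokens expose granted scopes in a space-separated
// `scope` claim; ID tokens do not carry one.

export const USER_POOL_API_SCOPE = 'aws.cognito.signin.user.admin'

/** Scope list as it was before the commit (from the removed line in the diff). */
export const SCOPES_BEFORE = ['email', 'openid']
/** Scope list as it is after the commit (from the added lines in the diff). */
export const SCOPES_AFTER = ['email', 'openid', USER_POOL_API_SCOPE]

function base64UrlDecode(s: string): string {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/')
  const padded = b64 + '===='.slice(0, (4 - (b64.length % 4)) % 4)
  const bin = atob(padded)
  const bytes = new Uint8Array(bin.length)
  for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i)
  return new TextDecoder().decode(bytes)
}

function base64UrlEncode(s: string): string {
  const bytes = new TextEncoder().encode(s)
  let bin = ''
  for (let i = 0; i < bytes.length; i++) bin += String.fromCharCode(bytes[i])
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
}

/** Decodes a compact JWT payload WITHOUT verifying the signature (see note). */
export function decodePayload(jwt: string): Record<string, unknown> {
  const parts = jwt.split('.')
  if (parts.length !== 3) throw new Error('not a compact JWT')
  return JSON.parse(base64UrlDecode(parts[1]))
}

/** Granted scopes of a Cognito access token, or [] if the claim is absent. */
export function scopesOf(accessToken: string): string[] {
  const scope = decodePayload(accessToken).scope
  return typeof scope === 'string' ? scope.split(' ').filter(Boolean) : []
}

/** True if the token can be used for GetUser / UpdateUserAttributes-style calls. */
export function canCallUserPoolApis(accessToken: string): boolean {
  return scopesOf(accessToken).indexOf(USER_POOL_API_SCOPE) !== -1
}

/** Builds a constructed, unsigned sample access token for offline use. */
export function sampleAccessToken(scopes: string[]): string {
  const header = base64UrlEncode(JSON.stringify({ alg: 'none', typ: 'JWT' }))
  const payload = base64UrlEncode(
    JSON.stringify({
      sub: '00000000-0000-4000-8000-000000000000', // constructed placeholder
      token_use: 'access',
      scope: scopes.join(' '),
      client_id: 'example-client-id', // constructed placeholder
    })
  )
  return `${header}.${payload}.unsigned`
}
```

The check only reads the payload; it does not verify the signature, which is fine here because the token came from the app's own Cognito redirect and the result only decides whether to attempt a user-pool call, never whether to grant anything. Anything that authorizes on the token's contents must verify it against the pool's JWKS first.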


@ -84,7 +84,11 @@ export type RegisterOpenAuthenticationUrlCallbackFn = () => void
/** AWS region in which our Cognito pool is located. */
export const AWS_REGION = AwsRegion('eu-west-1')
/** Complete list of OAuth scopes used by the app. */
export const OAUTH_SCOPES = [OAuthScope('email'), OAuthScope('openid')]
export const OAUTH_SCOPES = [
OAuthScope('email'),
OAuthScope('openid'),
OAuthScope('aws.cognito.signin.user.admin'),
]
/** OAuth response type used in the OAuth flows. */
export const OAUTH_RESPONSE_TYPE = OAuthResponseType('code')
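Review bot: the new `OAuthScope('aws.cognito.signin.user.admin')` entry in `OAUTH_SCOPES` needs an explanatory comment in the code, since the only record of why it is there is the commit message; a reader of this file will see "Complete list of OAuth scopes used by the app" and have no way to know that the hosted UI and `Auth.federatedSignIn` flows require it to fetch and update user attributes while `Auth.signIn(email, password)` does not. Suggest a line above it such as `// Required by the hosted UI / federatedSignIn flows to call the User Pool APIs (currentUserInfo, attribute updates).` It is also worth spelling out in that comment, as the commit message already does, that the scope grants the access token access to all Cognito User Pool APIs for the signed-in user, so the access token issued in these flows should be handled as a credential for those APIs and not passed anywhere that only needs the ID token.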