🖼📋 Epic 2 User Profile: Encrypting Data in Transit via Auth0, Lob, Twilio

[manishapriya94]

Feature Batches

For 2024 Fall cohort:
Auth0 integration: check https://github.com/OpenSourceFellows/amplify_docs/discussions/11
SMS letter workflow (Twilio): check https://github.com/OpenSourceFellows/amplify_docs/discussions/10

---

User Profile base setup (Weeks 2-5)

• https://github.com/ProgramEquity/amplify/issues/455 (Auth0 and User login)
• Create tracking to understand accessibility  #405

Data Collection Mechanism (Weeks 6-9)

• If SMS is more accessible: Twilio integration for sms alerts  #128 (sms version of webapp)

• If we want to stay on webapp: Data in Transit: Lob letter cardinality #49
  

Context

PII stands for personally identifiable information, any data that can be used to identify a specific person. The most common forms of PII include things like Social Security numbers, email addresses, and phone numbers. PII can also refer to digital identifiers, such as biometric data, geolocation, user IDs, and an IP address.

PII compliance is a complex ecosystem. Unlike Protected Health Information (PHI), which is primarily governed by HIPAA, there is a network of regulations all over the world that aim to enforce PII compliance.

In the U.S., the National Institute of Standards and Technology (NIST) Guide to Protecting the Confidentiality of Personally Identifiable Information defines “personally identifiable” as information like name, Social Security number, and biometric records, which can be used to distinguish or trace an individual’s identity.

How PII Applies to Amplify

• Collecting information around the user: name, address
  • Currently we upload all of this information within the Lob API which is GDPR and PCI compliant
• Collecting payment information
  • Using Stripe Checkout which has GDPR compliance

Questions to think through around the principles of PII Policy:

• Be lawful, transparent, and fair
  • open source license
• Be for essential purposes only
  • validating constituency towards an enrolled district to follow CMS guidelines
• Use as little personal information as possible
  • How doo we balance identity validation and current input?
• Be accurate and timely
  • Lob fulfills this via post
• Complete within a reasonable timeframe
  • create an API timeout for Lob and Stripe APIs
• Guarantee integrity and confidentiality
• What precautions do we take in a PostgreSQL database which abstracts operations via an ORM?

[nawazkhan]

Follow these steps to integrate Auth0 and Twilio based SMS auth to Amplify https://auth0.com/docs/quickstart/spa/vuejs?framed=1&sq=1#configure-auth0

[nawazkhan]

@beverand @wallace @Terieyenike @smgraywood

[smgraywood]

@nawazkhan Is there an issue for integrating Auth0 or Twilio to Amplify? If not, should we make one?

[nawazkhan]

@Terieyenike @smgraywood Npm Installing @auth0/auth0-vue is throwing peer dependency conflicts. The first step would be to clear the conflicts and continue with the Auth0 docs instructions from link

If you would like to spin up and play with your own Vue app Auth, follow this link

[wallace]

👋🏾 , @Terieyenike , @CBlue88 , and myself attempted to recreate the peer dependency conflicts when attempting to install auth0-vue.

I manually modified this line and attempting to replace it with version 4.0.12 and 4.1.6. Neither resolved the error. Is there someone on the project with more javascript / node experience who could give us some pointers or help us address this issue?

@wallace ➜ /workspace (495-wallace-spike-auth0-vue) $ npm install @auth0/auth0-vue
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @auth0/auth0-vue@2.0.2
npm ERR! Found: vue-router@3.5.4
npm ERR! node_modules/vue-router
npm ERR!   vue-router@"^3.5.4" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peerOptional vue-router@"^4.0.12" from @auth0/auth0-vue@2.0.2
npm ERR! node_modules/@auth0/auth0-vue
npm ERR!   @auth0/auth0-vue@"*" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: vue-router@4.1.6
npm ERR! node_modules/vue-router
npm ERR!   peerOptional vue-router@"^4.0.12" from @auth0/auth0-vue@2.0.2
npm ERR!   node_modules/@auth0/auth0-vue
npm ERR!     @auth0/auth0-vue@"*" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /home/node/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/node/.npm/_logs/2023-03-08T20_54_11_774Z-debug-0.log

[wallace]

@Terieyenike , @CBlue88, I was able to resolve the conflict with the vue-router library. Check out my draft PR, #524.

You can fork off my branch, 495-wallace-spike-auth0-vue. Let me know if you have any questions.

[manishapriya94]

• Twilio integration for sms alerts  Twilio integration for sms alerts  #128

#128 @smgraywood issue exists

[manishapriya94]

Pair Hour decisions 3/29

• ways of working:
  • have a shared feature branch epic2
  • make pull requests against epic2
  • future question: how do we stay synchronized with main if epic2 is a long lived branch?

Our focus is to update the two data models of constituents and letters_sent while we set up Twilio to create communication for

• Backend: @beverand

  • verify that auth0 works after uncommenting related code ( see this PR for the Auth0 related code to uncomment. E.g. https://github.com/ProgramEquity/amplify/pull/433/files#diff-41e7966c98866325109051cec8a428e1bb1bccf81d65cbdac4bebbfdd9c85fbbR56 )
  • update constituent to have
    • phone number
    • Letter workflow through SMS #147 is probably the correct issue.
    • assumption is that when the user authenticates with auth0, the amplify application can get the users phone number and then store it locally within the constituents
  • explore notifications table?
    • string message
    • date
    • campaign
    • letter id

• Route integration for twilio? @davidchapuis ( Route integration #145 )

• Frontend @Terieyenike

  • create a checkbox in signName component for constituent

Future of profile:
-- SQL query int counter for letters_sent that is a subset of the user's

[davidchapuis]

https://auth0.com/docs/api/authentication#get-user-info about getting user info from Auth0

[davidchapuis]

about
"assumption is that when the user authenticates with auth0, the amplify application can get the users phone number and then store it locally within the constituents"
it seems to be possible
check https://community.auth0.com/t/getting-users-phone-numbers/12628