start to implement developer authenticated identities #9

laardee · May 20, 2016 · 3d8be72 · 3d8be72
1 parent d6f2e6d
commit 3d8be72
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 5 deletions.
diff --git a/authentication/callback/s-function.json b/authentication/callback/s-function.json
@@ -47,6 +47,9 @@
     "SERVERLESS_PROJECT": "serverless-authentication-boilerplate",
     "SERVERLESS_STAGE": "${stage}",
     "SERVERLESS_REGION": "${region}",
+    "COGNITO_IDENTITY_POOL_ID": "${cognitoIdentityPoolId}",
+    "COGNITO_PROVIDER_NAME": "${cognitoProviderName}",
+    "COGNITO_REGION": "${cognitoRegion}",
     "REDIRECT_CLIENT_URI": "${redirectClientURI}",
     "TOKEN_SECRET": "${tokenSecret}",
     "PROVIDER_FACEBOOK_ID": "${providerFacebookId}",

diff --git a/authentication/lib/handlers/callbackHandler.js b/authentication/lib/handlers/callbackHandler.js
@@ -73,10 +73,10 @@ function callbackHandler(event, callback) {
         .then(() => {
           const id = createUserId(`${profile.provider}-${profile.id}`, providerConfig.token_secret);
           const data = createResponseData(id, providerConfig);
-          
+
           Promise.all([
             cache.saveRefreshToken(id),
-            users.saveUser(profile)
+            users.saveUser(Object.assign(profile, { userId: id }))
           ])
             .then((results) => tokenResponse(Object.assign(data, { refreshToken: results[0] })))
             .catch((_error) => errorResponse({ error: _error }));

diff --git a/authentication/lib/storage/usersStorage.js b/authentication/lib/storage/usersStorage.js
@@ -1,6 +1,11 @@
 'use strict';
 
+// Common
+const AWS = require('aws-sdk');
+const config = { region: process.env.SERVERLESS_REGION };
+const dynamodb = new AWS.DynamoDB.DocumentClient(config);
 const Promise = require('bluebird');
+const cognitoidentity = new AWS.CognitoIdentity({ region: process.env.COGNITO_REGION });
 
 const saveDatabase = (profile) => new Promise((resolve, reject) => {
   if (profile) {
@@ -11,6 +16,26 @@ const saveDatabase = (profile) => new Promise((resolve, reject) => {
 });
 
 const saveCognito = (profile) => new Promise((resolve, reject) => {
+  if (profile) {
+    // Use AWS console or AWS-CLI to create identity pool
+    cognitoidentity.getOpenIdTokenForDeveloperIdentity({
+      IdentityPoolId: process.env.COGNITO_IDENTITY_POOL_ID,
+      Logins: {
+        [process.env.COGNITO_PROVIDER_NAME]: profile.userId
+      }
+    }, (err) => {
+      if (err) {
+        reject(err);
+      } else {
+        resolve();
+      }
+    });
+  } else {
+    reject('Invalid profile');
+  }
+});
+
+const saveToUserPools = (profile) => new Promise((resolve, reject) => {
   if (profile) {
     resolve(null);
   } else {
@@ -20,11 +45,11 @@ const saveCognito = (profile) => new Promise((resolve, reject) => {
 
 const saveUser = (profile) => {
   // just temp switch
-  // Here you can save the profile to DynamoDB if it doesn't already exist
-  // In this example it just makes empty callback to continue and nothing is saved.
+
+  // Here you can save the profile to DynamoDB, AWS Cognito or where ever you wish
   // profile class: https://github.com/laardee/serverless-authentication/blob/master/src/profile.js
 
-  if (true) {
+  if (false) {
     return saveDatabase(profile);
   }
   return saveCognito(profile);

diff --git a/s-resources-cf.json b/s-resources-cf.json
@@ -49,6 +49,14 @@
                 "dynamodb:DeleteItem"
               ],
               "Resource": "arn:aws:dynamodb:${region}:*:*"
+            },
+            {
+              "Effect": "Allow",
+              "Action": [
+                "cognito-sync:*",
+                "cognito-identity:*"
+              ],
+              "Resource": "arn:aws:cognito-identity:eu-west-1:*:*"
             }
           ]
         },