From 3d8be72281ecdc1ce86956d80b0e1d1cbaf6f5aa Mon Sep 17 00:00:00 2001
From: Eetu Tuomala
Date: Fri, 20 May 2016 23:51:33 +0300
Subject: [PATCH] start to implement developer authenticated identities #9

---
 authentication/callback/s-function.json | 3 ++
 .../lib/handlers/callbackHandler.js | 4 +-+-
 authentication/lib/storage/usersStorage.js | 31 +++++++++++++++++--
 s-resources-cf.json | 8 +++++
 4 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/authentication/callback/s-function.json b/authentication/callback/s-function.json
index de0eaf7..4643926 100644
--- a/authentication/callback/s-function.json
+++ b/authentication/callback/s-function.json
@@ -47,6 +47,9 @@
 "SERVERLESS_PROJECT": "serverless-authentication-boilerplate",
 "SERVERLESS_STAGE": "${stage}",
 "SERVERLESS_REGION": "${region}",
+ "COGNITO_IDENTITY_POOL_ID": "${cognitoIdentityPoolId}",
+ "COGNITO_PROVIDER_NAME": "${cognitoProviderName}",
+ "COGNITO_REGION": "${cognitoRegion}",
 "REDIRECT_CLIENT_URI": "${redirectClientURI}",
 "TOKEN_SECRET": "${tokenSecret}",
 "PROVIDER_FACEBOOK_ID": "${providerFacebookId}",
diff --git a/authentication/lib/handlers/callbackHandler.js b/authentication/lib/handlers/callbackHandler.js
index 34759db..17845e5 100644
--- a/authentication/lib/handlers/callbackHandler.js
+++ b/authentication/lib/handlers/callbackHandler.js
@@ -73,10 +73,10 @@ function callbackHandler(event, callback) {
 .then(() => {
 const id = createUserId(`${profile.provider}-${profile.id}`, providerConfig.token_secret);
 const data = createResponseData(id, providerConfig);
-
+
 Promise.all([
 cache.saveRefreshToken(id),
- users.saveUser(profile)
+ users.saveUser(Object.assign(profile, { userId: id }))
 ])
 .then((results) => tokenResponse(Object.assign(data, { refreshToken: results[0] })))
 .catch((_error) => errorResponse({ error: _error }));
diff --git a/authentication/lib/storage/usersStorage.js b/authentication/lib/storage/usersStorage.js
index c217249..d03229a 100644
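Review bot: `users.saveUser(Object.assign(profile, { userId: id }))` mutates the `profile` object in place instead of building a new one, so anything in callbackHandler that later reads `profile` now sees a `userId` field it did not have before; the same `id` is also the value that ends up as the developer-identity login in saveCognito (usersStorage.js, this commit), and that coupling deserves a comment on the line. Prefer `users.saveUser(Object.assign({}, profile, { userId: id }))` so the caller-owned object stays untouched. The enclosing function callbackHandler starts and ends outside this hunk.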
--- a/authentication/lib/storage/usersStorage.js
+++ b/authentication/lib/storage/usersStorage.js
@@ -1,6 +1,11 @@
 'use strict';
+// Common
+const AWS = require('aws-sdk');
+const config = { region: process.env.SERVERLESS_REGION };
+const dynamodb = new AWS.DynamoDB.DocumentClient(config);
 const Promise = require('bluebird');
+const cognitoidentity = new AWS.CognitoIdentity({ region: process.env.COGNITO_REGION });
 const saveDatabase = (profile) => new Promise((resolve, reject) => {
 if (profile) {
@@ -11,6 +16,26 @@ const saveDatabase = (profile) => new Promise((resolve, reject) => {
 });
 const saveCognito = (profile) => new Promise((resolve, reject) => {
+ if (profile) {
+ // Use AWS console or AWS-CLI to create identity pool
+ cognitoidentity.getOpenIdTokenForDeveloperIdentity({
+ IdentityPoolId: process.env.COGNITO_IDENTITY_POOL_ID,
+ Logins: {
+ [process.env.COGNITO_PROVIDER_NAME]: profile.userId
+ }
+ }, (err) => {
+ if (err) {
+ reject(err);
+ } else {
+ resolve();
+ }
+ });
+ } else {
+ reject('Invalid profile');
+ }
+});
+
+const saveToUserPools = (profile) => new Promise((resolve, reject) => {
 if (profile) {
 resolve(null);
 } else {
@@ -20,11 +45,11 @@ const saveCognito = (profile) => new Promise((resolve, reject) => {
 const saveUser = (profile) => {
 // just temp switch
- // Here you can save the profile to DynamoDB if it doesn't already exist
- // In this example it just makes empty callback to continue and nothing is saved.
+
+ // Here you can save the profile to DynamoDB, AWS Cognito or where ever you wish
 // profile class: https://github.com/laardee/serverless-authentication/blob/master/src/profile.js
- if (true) {
+ if (false) {
 return saveDatabase(profile);
 }
 return saveCognito(profile);
diff --git a/s-resources-cf.json b/s-resources-cf.json
index 423c187..67bdc5a 100644
--- a/s-resources-cf.json
+++ b/s-resources-cf.json
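Review bot: `dynamodb` is built from `AWS.DynamoDB.DocumentClient` at module load but is not referenced by any line this commit adds; unless saveDatabase's body (outside the hunk) uses it, it is dead code and the client should be dropped or created inside saveDatabase. The Cognito client takes its region from `COGNITO_REGION`, a separate variable from the `SERVERLESS_REGION` used for DynamoDB, so a deployment that forgets the new variable presumably ends up with whatever region the SDK resolves on its own rather than the deployment region; `region: process.env.COGNITO_REGION || process.env.SERVERLESS_REGION` would make that fallback explicit, with a comment saying why the two may differ.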
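Review bot: saveCognito never checks that `COGNITO_IDENTITY_POOL_ID` and `COGNITO_PROVIDER_NAME` are set, so with the computed key `[process.env.COGNITO_PROVIDER_NAME]` an unset provider name becomes the literal login key `"undefined"` and the misconfiguration only surfaces as a rejection from Cognito; likewise `profile.userId` is not checked even though the value only exists when the caller merged it in. The response of getOpenIdTokenForDeveloperIdentity is also discarded (`(err) => { ... resolve(); }`), so the promise resolves with nothing and the call's only effect is creating or linking the developer identity — either resolve with the returned data or say so in a comment on the function. `reject('Invalid profile')` rejects with a string while the other path rejects with an `Error`; use `new Error('Invalid profile')` so callers get a consistent type. The rewrite below adds the configuration and profile guards and returns the SDK result; callbackHandler only reads `results[0]`, so returning a value is backward-compatible.
```javascript
const saveCognito = (profile) => new Promise((resolve, reject) => {
  const identityPoolId = process.env.COGNITO_IDENTITY_POOL_ID;
  const providerName = process.env.COGNITO_PROVIDER_NAME;
  // userId is the login value; it is merged in by the caller, not part of the base profile
  if (!profile || !profile.userId) {
    return reject(new Error('Invalid profile'));
  }
  if (!identityPoolId || !providerName) {
    return reject(new Error('Cognito identity pool is not configured'));
  }
  // Use AWS console or AWS-CLI to create identity pool
  cognitoidentity.getOpenIdTokenForDeveloperIdentity({
    IdentityPoolId: identityPoolId,
    Logins: { [providerName]: profile.userId }
  }, (err, data) => {
    if (err) {
      return reject(err);
    }
    // data carries the minted identity token: treat it as a credential, keep it out of logs
    resolve(data);
  });
});
```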
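Review bot: `if (false) { return saveDatabase(profile); }` leaves saveDatabase permanently unreachable and merely flips the previous hard-coded `if (true)`, while the `// just temp switch` comment stays, so a reader cannot tell which backend a deployment uses without editing code. Select the backend from configuration instead, e.g. `if (process.env.<STORAGE_BACKEND_VAR> === 'dynamodb') {` (placeholder name; define it next to the Cognito variables in s-function.json), and drop the dead branch. Nothing in this commit calls the new saveToUserPools either, so it should be wired into the same switch or documented as a stub.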
@@ -49,6 +49,14 @@
 "dynamodb:DeleteItem"
 ],
 "Resource": "arn:aws:dynamodb:${region}:*:*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cognito-sync:*",
+ "cognito-identity:*"
+ ],
+ "Resource": "arn:aws:cognito-identity:eu-west-1:*:*"
 }
 ]
 },
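Review bot: The new statement grants `cognito-sync:*` and `cognito-identity:*`, far wider than what this commit uses: usersStorage.js calls only `cognitoidentity.getOpenIdTokenForDeveloperIdentity`, and nothing touches Cognito Sync at all. Narrow it to `"Action": ["cognito-identity:GetOpenIdTokenForDeveloperIdentity"]` and drop the `cognito-sync` entry; this is the call that mints identity tokens, so the function role should hold nothing beyond it, and ideally the resource should name the pool rather than every pool in the account. The region is also hard-coded as `eu-west-1` while the DynamoDB statement above uses `${region}`, so a deployment to another region gets a policy that does not cover its pool — use `"Resource": "arn:aws:cognito-identity:${region}:*:*"` for consistency with the rest of the template.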