feat(IDM support): support IDM integration #153

Merged
merged 21 commits into from
Oct 5, 2023

mdial89f commented Oct 5, 2023

Purpose

This changeset adds conditional support for IDM as an upstream identity provider.

Linked Issues to Close

Closes https://qmacbis.atlassian.net/browse/OY2-24473

Approach

When IDM connection and auth information is passed through secrets manager to the deployment, the environment will deploy with IDM support.

  • IDM is configured as an identity provider in Cognito.
  • It's connected via OIDC.
  • A lambda was built that hooks into the 'pre token generation' lifecycle event; this lambda is fired after authentication and just before a token is returned to the user. This lambda reaches out to the IDM authz endpoint, gets user information, and loads that info into Cognito.
  • Role names as our app defines them have been globally updated to match the role names as they exist in IDM.

Assorted Notes/Considerations/Learning

  • I'm going to leave the idm branch up, running, and connected to IDM. This is just to facilitate further development against IDM.
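
The pre token generation step described above, as an added example that is not code from this PR: it validates an upstream authz response, keeps only roles the app knows, and fails closed when the lookup returns nothing usable. The claim name, the IDM response shape and the role names are hypothetical, and writing the roles through the trigger's claim override response is an assumption; the PR only says the info is loaded into Cognito.

```typescript
// Added illustration, not code from this PR. The claim name, the IDM response
// shape and the role names are hypothetical placeholders.
const ROLE_CLAIM = "custom:roles";
const KNOWN_ROLES = ["example-reviewer", "example-submitter"];

// The parts of a Cognito pre token generation (V1) event that are used here.
interface PreTokenEvent {
  userName: string;
  response: {
    claimsOverrideDetails?: {
      claimsToAddOrOverride?: { [claim: string]: string };
      claimsToSuppress?: string[];
    };
  };
}

// Validate the body returned by the upstream authz call. Anything that is not
// an object carrying a roles array yields null, and unknown roles are dropped.
function rolesFromIdm(body: unknown): string[] | null {
  if (typeof body !== "object" || body === null) return null;
  const roles = (body as { roles?: unknown }).roles;
  if (!Array.isArray(roles)) return null;
  const known = roles.filter(
    (r): r is string => typeof r === "string" && KNOWN_ROLES.indexOf(r) !== -1
  );
  return known.filter((r, i) => known.indexOf(r) === i).sort();
}

// Called by the trigger handler with the parsed IDM response, or with null
// when the lookup failed or timed out.
function applyIdmRoles(event: PreTokenEvent, body: unknown): PreTokenEvent {
  const roles = rolesFromIdm(body);
  if (roles === null || roles.length === 0) {
    // Fail closed: suppress the claim so a role value left in the user pool by
    // an earlier sign-in is not issued in this token.
    event.response.claimsOverrideDetails = { claimsToSuppress: [ROLE_CLAIM] };
  } else {
    event.response.claimsOverrideDetails = {
      claimsToAddOrOverride: { [ROLE_CLAIM]: roles.join(",") },
    };
  }
  return event;
}
```
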

searchProvisionedConcurrency: 1
itemProvisionedConcurrency: 1
searchProvisionedConcurrency: 0
itemProvisionedConcurrency: 0
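
Review bot: searchProvisionedConcurrency and itemProvisionedConcurrency appear here with both 1 and 0, and the visible lines do not show which stage each value applies to. If 0 is meant for dev environments only, keep 1 for the higher environments, scope the 0 to the dev default, and add a short comment next to the keys recording why the value differs.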
Contributor Author


sls deploy function isn't compatible with provisioned concurrency... so I'd like to move this to zero for dev envs.


hannasage left a comment


Initial comments

src/services/auth/handlers/postAuth.ts (outdated, resolved)
src/services/auth/handlers/postAuth.ts (outdated, resolved)

benjaminpaige left a comment


just the one comment but it looks good to me. 👍

mdial89f merged commit fb1566c into master Oct 5, 2023

🎉 This PR is included in version 1.5.0-val.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
