ember-aws-cognito
v0.0.8
Published
Add support for AWS Cognito authentication
Downloads
1
Readme
ember-aws-cognito
This addon adds capability to use Cognito authentication for protecting private pages. It is built on top of the code provided by Amazon on https://github.com/aws-samples/aws-serverless-ember
Installation
Installation of the addon is done the usual way
ember install ember-aws-cognito
Usage
Once install, you then need to play the included blueprint to update your project file adding :
- AWS variables in 'environnement.js'
The standard cognito-login template uses a component based on bootstrap
{{#login-cognito-bootstrap}}Bootstrap Login with Cognito{{/login-cognito-bootstrap}}
This is the only component provided at the time being by this addon.
Once all this done, you can add a private page by adding to its route the following code :
authentication: Ember.inject.service(),
beforeModel() {
var auth = this.get('authentication');
if (!auth.authenticated) {
this.transitionTo('cognito-login');
}
},
AWS Cognito configuration
The Cognito User pool should be correctly set up to allow autehntication of the users.
Here is a sample for CloudFormation setup. Note that the field 'Parameters.AppClientName.Default' and Resources.CognitoUserPool.Properties.UserPoolName' should be updated to fit your current project.
AWSTemplateFormatVersion: '2010-09-09'
Description: Ember Cognito API
Parameters:
AppClientName:
Type: String
Default: "SimpleAWSWebClient"
Description: "Cognito user pools app client name"
Resources:
CognitoUserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: SimpleAWSCognito
AutoVerifiedAttributes:
- "email"
CognitoUserPoolClient:
Type: AWS::Cognito::UserPoolClient
DependsOn: CognitoUserPool
Properties:
ClientName: !Ref AppClientName
UserPoolId: !Ref CognitoUserPool
GenerateSecret: false
CognitoIdentityPool:
Type: AWS::Cognito::IdentityPool
Properties:
AllowUnauthenticatedIdentities: true
CognitoIdentityProviders:
- ClientId: !Ref CognitoUserPoolClient
ProviderName: !GetAtt CognitoUserPool.ProviderName
CognitoIdentityPoolRoles:
Type: AWS::Cognito::IdentityPoolRoleAttachment
DependsOn: CognitoIdentityPool
Properties:
IdentityPoolId: !Ref CognitoIdentityPool
Roles:
authenticated: !GetAtt AuthenticatedRole.Arn
unauthenticated: !GetAtt UnauthenticatedRole.Arn
UnauthenticatedRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Federated: cognito-identity.amazonaws.com
Action: sts:AssumeRoleWithWebIdentity
Condition:
StringEquals:
cognito-identity.amazonaws.com:aud: !Ref CognitoIdentityPool
ForAnyValue:StringLike:
cognito-identity.amazonaws.com:amr: unauthenticated
Policies:
-
PolicyName: SimpleAWSUnauthenticatedApi
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- mobileanalytics:PutEvents
- cognito-sync:*
Resource:
- "*"
AuthenticatedRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Federated: cognito-identity.amazonaws.com
Action: sts:AssumeRoleWithWebIdentity
Condition:
StringEquals:
cognito-identity.amazonaws.com:aud: !Ref CognitoIdentityPool
ForAnyValue:StringLike:
cognito-identity.amazonaws.com:amr: authenticated
Outputs:
CognitoIdentityPoolId:
Description: Cognito Identity Pool ID
Value: !Ref CognitoIdentityPool
CognitoUserPoolsId:
Description: Cognito User Pools ID
Value: !Ref CognitoUserPool
CognitoUserPoolsClientId:
Description: Cognito User Pools App Client ID
Value: !Ref CognitoUserPoolClient
Once this configuration is done, the following variables located in 'config/environment.js' should be set up wiuth the correct values :
- ENV.AWS_REGION : Amazon region to use
- ENV.AWS_POOL_ID : Pool Id
- ENV.AWS_USER_POOL_ID
- ENV.AWS_CLIENT_ID
Contributing
Installation
git clone <repository-url>
cd ember-aws-cognito
npm install
Linting
npm run lint:js
npm run lint:js -- --fix
Running tests
ember test
– Runs the test suite on the current Ember versionember test --server
– Runs the test suite in "watch mode"ember try:each
– Runs the test suite against multiple Ember versions
Running the dummy application
ember serve
- Visit the dummy application at http://localhost:4200.
For more information on using ember-cli, visit https://ember-cli.com/.
License
This project is licensed under the MIT License.