This project was bootstrapped with Create React App.
In the project directory, you can run:
npm install
Installs all the dependencies required to run the app
npm start
Runs the app in the development mode.
Open http://localhost:3000 to view it in the browser.
In order to run the application and see all the functionalities, you will need to create the below resources either using Amplify (tutorial), or create them yourself in your AWS account.
- User pool with an app client which enables sign in through Cognito hosted UI
- A second app client which will be used solely for the purpose of passwordless authentication. In order for the passwordless flow to work, you need to uncomment the part in
FormPasswordless.js
to use this app client ID instead of the default one inaws-exports.js
. - Lambda triggers for the passwordless authentication
createAuthChallenge_passwordless
defineAuthChallenge_passwordless
verifyAuthchallenge_passwordless
preSignup_passwordless
- Identity pool with both user pool and custom developer as authentication providers. This is used to provide auth/unauth identities and issue temporary credentials for using AWS services
- Two IAM roles for authenticated and unauthenticated user access to the app as in
identityPoolRoles
- Two DynamoDB tables which will be used as an example for auth/unauth user access to the app
- Lambda function as a backend for the developer authentication flow as in
developer_auth_lambda
- MFA TOTP authentication flow and device remembering
- You will install an authenticator on your device such as Google Authenticator
- Setup/link a new device on the authenticator to issue OTPs for your login flow
- Code for setting up the TOTP using Amplify is found in
setupMFA.js
- Code for device remembering and forgetting using Amplify is found in
Form.js
andAuth.js
respectively
- After signing in you will have an AWS Console session where you will interact with AWS services in the Console yourself!
- Code for generating this session or login URL is found in
Auth.js
- This federated login session is given by AWS IAM using the AWS credentials user gets after federating with the identity pool
- So permissions during this session would be based on the role for authenticated users specified in
identityPoolRoles
- Note that authenticated users using those federated sessions can create resources in your own account, of course if you allow them to, based on the identity pool roles they assumed
- Code for generating this session or login URL is found in
- Restrict read/write access to a private S3 bucket using the AWS credentials
- Code for put object and list objects is found in
Auth.js
- Updated policies for auth/unauth roles for S3 are found in
identityPoolRoles
- Code for put object and list objects is found in
- Federation with the identity pool directly with Facebook and Google
- Code is found in
FederateFacebook.js
andFederateGoogle.js
- Code is found in