AWS Amplify Project: Authorization - a2n-seattle/rms-app GitHub Wiki
Field | Value |
---|---|
Milestone: | Milestone |
Owner: | Russell Nyrako |
Contributors: | |
Reviewer: | Jeremy Yau |
Status: | Approved |
Why?
As an App Admin
I want to be able to make sure the user has the permissions to use the app
So that we can prevent unauthorized access.
Put this user story as documentation at the top of the class.
This is technically a lower-priority project, but a side benefit of signing users in is that we are automatically given the name of the person using the app (the sign-in is the authentication half; deciding what that person may do is the authorization half). We can then autofill the borrower when we perform borrow and return operations.
What?
AWS Authorization using Google OAuth
OAuth 2.0 is the common authorization framework used by web and mobile applications for getting access to user information (“scopes”) in a limited manner. A common analogy you will hear for OAuth is boarding a plane or staying in a hotel: showing your identification is the authentication piece (signing into an app), and using the boarding pass or hotel key is what you are authorized to access.
OAuth support in Amplify uses Cognito User Pools and supports federation with social providers, which will automatically create a corresponding user in the User Pool after a login. Once the login completes, the OIDC tokens (ID, access and refresh) are available in the app.
We will be using Google as our primary OAuth provider. This lets the user sign in to the app with Google, after which the app knows the user’s name. After logging in the first time, the user shouldn’t need to log in again. (The simplest version of this check is whether or not the UserName field is empty; if it’s empty, we ask the user to sign on. Note that a stored UserName only records that a login happened once. Whether the user is still signed in is decided by the Cognito tokens Amplify holds, so the app should ask Amplify for the current session, fall back to the Google login when there is none, and use the stored UserName only for the autofill.)
See Amplify website for more details.
How?
Task Breakdown
- Initialize the AWS Amplify API.
  - Jeremy will provide the Google OAuth client ID and client secret. (The secret is configured on the Cognito User Pool’s Google identity provider; it must not ship inside the app.)
- Implement logic to redirect the user to the Google login.
- Store the email of the user in the app on login.
  - Need to check with the frontend team about where to store this: either local storage or the cache.
- Support the frontend team for write operations.
  - Make sure they use the stored name to autofill the borrower.
- [Low Priority] Implement logic to prevent the user from needing to log in again after the first time.
- [Low Priority] Work with the frontend team to allow the user to log out.
  - Would probably be out of scope for this internship, since the frontend team might not have capacity to create additional functionality.
  - A janky way to reset the user is to delete the app and download it again.
  - Or implement functionality to clear the cache (the stored UserName plus the Cognito tokens Amplify keeps, otherwise the session survives the "logout").
Acceptance Criteria
Scenario | Expected Response |
---|---|
When a user uses the app for the first time | Will redirect the user to Google login |
When a user finishes logging in | Will populate the UserName field in local storage |
When a user uses the app in subsequent times | Will not require the user to log in again |
These scenarios should be written up as tests, using the following naming convention:
'will <have expected response> when <a certain input is given>'