Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

configure AWS resources - API clients #328

Open
11 tasks
Tracked by #327
, #297
...
fyliu opened this issue Jun 27, 2024 · 0 comments
Open
11 tasks
Tracked by #327
, #297
...

configure AWS resources - API clients #328

fyliu opened this issue Jun 27, 2024 · 0 comments
Labels
complexity: medium Straightforward but some complexity (e.g., involves multiple files); will take 2-6 hours dependency Issue has dependencies feature: infrastructure For changes on site technical architecture role: dev ops s: PD team stakeholder: People Depot Team size: 2pt Can be done in 7-12 hours
Milestone
v0.01. Initial Setup

Comments

@fyliu
Copy link
Member

fyliu commented Jun 27, 2024
edited by shmonks
Loading

Dependency

Overview

As part of our AWS configuration, we need to work with #ops to configure API clients.

Action Items

  • follow documentation (if any) to create configs to provision an API client
  • meet with #ops to verify the setup (through the PR process)
    • create API clients with client secret
      • PD admin site
      • VRMS
      • website
      • CTJ
    • if needed, create API client without client secret for PD admin site
  • link to the configuration from here and from our documentation

After Merge

Resources/Instructions

  • requirements:

    • we need at least one API client configured. We may need to set up client with no secret for PD backend for now for logging in to the backend admin site using cognito, unless we get the authentication working with the client secret by the time this issue is being worked on.

    • we would like to use client secret-enabled clients so we can track where the users are logging in from (from which app). Cognito client secrets - API client #174

    • each API client app (such as VRMS, website, CTJ, PD admin site) should have its own API client "config" associated with the user pool

  • for quick reference: configs for API clients currently associated with the VRMS testing user pool

    1. client which returns the auth token in the url for manual testing

      • Authentication flows
        • ALLOW_REFRESH_TOKEN_AUTH
        • ALLOW_ADMIN_USER_PASSWORD_AUTH
      • Client secret
        • ******
      • Advanced authentication settings
        • Enable token revocation
        • Enable prevent user existence errors
      • hosted UI
        • callback URLS (for local testing)
        • Identity providers
          • Cognito user pool directory
        • OAuth grant types
          • Implicit grant
        • OpenID Connect scopes
          • openid

    2. client with no secret for PD backend (need to fix later)

    3. client with secret for client with backend

      • Authentication flows
      • ALLOW_REFRESH_TOKEN_AUTH
      • ALLOW_USER_SRP_AUTH
      • Client secret
      • ******
      • Advanced authentication settings
      • Enable token revocation
      • Enable prevent user existence errors
      • hosted UI
      • callback URLS (for local testing)
      • Identity providers
        • Cognito user pool directory
      • OAuth grant types
        • Authorization code grant
      • OpenID Connect scopes
        • email
        • openid
        • profile

  • see the actual API clients in AWS for any configs missing here
@fyliu fyliu added size: 2pt Can be done in 7-12 hours feature: infrastructure For changes on site technical architecture s: PD team stakeholder: People Depot Team role: dev ops draft This issue is not fully-written ready for dev lead complexity: medium Straightforward but some complexity (e.g., involves multiple files); will take 2-6 hours labels Jun 27, 2024
@fyliu fyliu added this to the v0.01 - initial setup milestone Jun 27, 2024
@github-project-automation github-project-automation bot moved this to New Issue Review in P: PD: Project Board Jun 27, 2024
@fyliu fyliu mentioned this issue Jun 27, 2024
Open
5 tasks
@fyliu fyliu added ready for product and removed draft This issue is not fully-written ready for dev lead labels Aug 9, 2024
@fyliu fyliu mentioned this issue Aug 9, 2024
Open
5 tasks
@fyliu fyliu mentioned this issue Aug 19, 2024
Open
6 tasks
@shmonks shmonks added the dependency Issue has dependencies label Jan 30, 2025
@shmonks shmonks moved this from 🆕New Issue Review to 🧊Ice Box in P: PD: Project Board Jan 30, 2025
@shmonks shmonks mentioned this issue Jan 31, 2025
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
complexity: medium Straightforward but some complexity (e.g., involves multiple files); will take 2-6 hours dependency Issue has dependencies feature: infrastructure For changes on site technical architecture role: dev ops s: PD team stakeholder: People Depot Team size: 2pt Can be done in 7-12 hours
Projects
P: PD: Project Board
Status: 🧊Ice Box
Milestone
v0.01. Initial Setup
Development

No branches or pull requests
2 participants
@fyliu @shmonks