027

Reputation: 1661

Where should the code for getting the Cognito token be (frontend side or backend side)?

I have an application whose frontend code is in Angular. This frontend application calls backend APIs (Spring Boot).

I have deployed this in EKS behind an Application Load Balancer (ALB).

Request flow: Route53 -> ALB -> Frontend Target Group or Backend Target Group.

I want to set up AWS Cognito at the ALB for user authentication. I am going to federate the user pool from my Active Directory. I want to allow only those users to log in to the website with username/password. I want to make sure the backend APIs can only be called with a valid login/token.

Questions: What grant type should be used? (authorization code grant / implicit grant / client credentials)

Where should I have the code to get the token from Cognito? In the frontend (Angular) or the backend?

Do I need to secure the backend APIs, i.e. so that the APIs can be called with a token only? Or is just securing the Angular routes enough? (The backend endpoints are not visible from outside the cluster; they can only be called from the frontend pods.) For example, we can keep mywebsite/login allowed without a token, and any other pages (mywebsite/search, mywebsite/home, mywebsite/product) allowed only if a token is presented.

Upvotes: 0

Views: 846

Answers (1)

Andrew Gillis
Andrew Gillis

Reputation: 3895

Your Angular frontend should initiate the flow using the authorization code grant. The Cognito Identity SDK has some useful helpers for this, but you can use any OIDC client SDK such as AppAuth.

Upvotes: 1
