Remove client secret cdk output

NASA-IMPACT · Feb 26, 2024 · bb82260 · bb82260
1 parent 393d670
commit bb82260
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -90,3 +90,66 @@ A streamlined version of the client can be installed with `pip install cognito_c
 
 # License
 This project is licensed under **Apache 2**, see the [LICENSE](LICENSE) file for more details.
+
+
+## userpool
+
+```python
+cognito.UserPool(
+    self,
+    "userpool",
+    user_pool_name=Stack.of(self).stack_name,
+    removal_policy=RemovalPolicy.DESTROY,
+    self_sign_up_enabled=False,
+    sign_in_aliases={"username": True, "email": True},
+    sign_in_case_sensitive=False,
+    standard_attributes=cognito.StandardAttributes(
+        email=cognito.StandardAttribute(required=True)
+    ),
+)
+```
+
+no mfa
+email only
+user name and email
+don't enable self-registration
+send email with cognito
+userpool name: veda-auth-mcp-test
+client: 
+    auth_provider_client = self.add_programmatic_client(
+        "cognito-identity-pool-auth-provider",
+        name="Identity Pool Authentication Provider",
+    )
+    client = self.userpool.add_client(
+        service_id,
+        auth_flows=cognito.AuthFlow(user_password=True, admin_user_password=True),
+        generate_secret=False,
+        user_pool_client_name=name or service_id,
+        # disable_o_auth=True,
+    )
+
+identity pool
+
+```python
+cognito_id_pool.IdentityPool(
+    self,
+    "identity_pool",
+    identity_pool_name=f"{stack.stack_name} IdentityPool",
+    authentication_providers=cognito_id_pool.IdentityPoolAuthenticationProviders(
+        user_pools=[userpool_provider],
+    ),
+    role_mappings=[
+        cognito_id_pool.IdentityPoolRoleMapping(
+            provider_url=cognito_id_pool.IdentityPoolProviderUrl.user_pool(
+                f"cognito-idp.{stack.region}.{stack.url_suffix}/"
+                f"{userpool.user_pool_id}:{auth_provider_client.user_pool_client_id}"
+            ),
+            use_token=True,
+            mapping_key="userpool",
+        )
+    ],
+)
+```
+
+user access - authenticated access
+authrnticated identity sources - amazon cognito user pool
diff --git a/infra/stack.py b/infra/stack.py
@@ -229,12 +229,6 @@ def _create_secret(
 
         # We need to extract the secret name to be used for ingestor stac
         # We expect the exported name to be of the format "<stackname>-<variablename>"
-        CfnOutput(
-            self,
-            f"{service_id}-secret-output",
-            export_name=f"{stack_name}-{service_id}-secret" if stack_name not in service_id else f"{stack_name}-client-secret",
-            value=secret.secret_name,
-        )
         CfnOutput(
             self,
             f"{service_id}-secret-arn-output",