Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(cognito): choice-based authentication (passwordless sign-in / passkey sign-in) #32369

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat(cognito): choice-based authentication (passwordless sign-in / passkey sign-in) #32369

wants to merge 6 commits into from

Conversation

Tietew
Copy link
Contributor

@Tietew Tietew commented Dec 3, 2024
edited
Loading

Issue # (if applicable)

Closes #32265.

Reason for this change

User Pool has introduced choice-based authentication, including passwordless sign-in and passkey (WebAuthn) sign-in.
For details, see Manage authentication methods in AWS SDKs.

Related PRs:

Description of changes

Added following properties:

  • allowedFirstAuthFactors - allowed first authenticate factors
  • passkeyRelyingPartyId - the authentication domain used as passkey relying party ID
  • passkeyUserVerification - configure user verification to be preferred or required

Description of how you validated changes

Added unit test and an integ test.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added admired-contributor [Pilot] contributed between 13-24 PRs to the CDK effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 labels Dec 3, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team December 3, 2024 06:47
@Tietew
Copy link
Contributor Author

Tietew commented Dec 3, 2024
edited
Loading

This PR is draft until #32367 is merged. Ready now.

@Tietew Tietew mentioned this pull request Dec 3, 2024
Merged
1 task
Tietew
Tietew commented Dec 3, 2024
View reviewed changes
packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts

// TODO: validate whether the feature plan is not Lite

const allowedFirstAuthFactors = ['PASSWORD'];
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When 'PASSWORD' is missing, CloudFormations fails with following error:

Resource handler returned message: "Invalid request provided: PASSWORD should be configured as one of the allowed first auth factors."

@codecov Codecov
Copy link

codecov bot commented Dec 3, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.67%. Comparing base (2607eb3) to head (5d22a32).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #32369   +/-   ##
=======================================
  Coverage   78.67%   78.67%           
=======================================
  Files         107      107           
  Lines        7237     7237           
  Branches     1329     1329           
=======================================
  Hits         5694     5694           
  Misses       1357     1357           
  Partials      186      186
Flag Coverage Δ
suite.unit 78.67% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
packages/aws-cdk 78.67% <ø> (ø)

@Tietew Tietew force-pushed the cognito-userpool-passwordless branch from 0d5449e to 53ffbfb Compare December 6, 2024 04:07
@Tietew Tietew changed the title feat(cognito): passwordless sign-in feat(cognito): choice-based authentication (passwordless sign-in / passkey sign-in) Dec 6, 2024
GavinZZ pushed a commit that referenced this pull request Dec 6, 2024
@Tietew @mergify
feat(cognito): user pool feature plans (#32367)
39c22de 
### Issue # (if applicable)

N/A

### Reason for this change

Amazon Cognito introduces the feature plans which replaces the Advanced
Security Mode.
See:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html

Related to #32369 - passwordless sign-in requires Essentials or higher
feature plan.

### Description of changes

- Add new `featurePlan` property and `FeaturePlan` enum to specify user
pool feature plan.
- Deprecate `advancedSecurityMode` property and `AdvancedSecurityMode`
enum.

Note that the previous AWS document about Advanced Security Mode is now
redirected to [Advanced security with threat
protection](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html).

### Description of how you validated changes

Added new unit tests and an integ test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
@Tietew Tietew marked this pull request as ready for review December 7, 2024 03:17
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 5d22a32
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Dec 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
admired-contributor [Pilot] contributed between 13-24 PRs to the CDK effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cognito: Passwordless authentication support
2 participants
@Tietew @aws-cdk-automation