cgauge / flask-awscognito Goto Github PK

I followed the examples in the documentation and noticed that when a custom domain is provided in AWS Cognito and the AWS_COGNITO_DOMAIN config is set in Flask with the same value, the library is unable to get the access token from the request argument.

The following "aws_auth.get_access_token(request.args)" fails because I believe the necessary request args are not being passed on.

When I don't use the "Your own domain" setting and set the AWS_COGNITO_DOMAIN config in Flask with the "Amazon Cognito domain" everything works as expected.

The documentation states "Both options - “Amazon Cognito domain” and “Your own domain” are supported. Don’t forget to pass it to Flask app config."

Any suggestions?

Hey there,
Thank you for developing this plugin. It's really useful. I've been trying to use this plugin with identity pool to give permission to a user to aws resources (eg. s3). Uploading a file or a picture is something a user could do with a temp credentials. Is the plugin capable of doing that? The boto3's cognito-identity client method (get_credentials_for_identity) can do that but I was wondering if you guys know an alternative using the plugin.

from flask import Flask, Response, json, request, redirect
from botocore.vendored import requests
import requests
import boto3
from flask import jsonify
from flask_awscognito import AWSCognitoAuthentication

app = Flask(__name__)

app.config['AWS_DEFAULT_REGION'] = 'XXXXX'
app.config['AWS_COGNITO_DOMAIN'] = 'XXXXXXXXXXX'
app.config['AWS_COGNITO_USER_POOL_ID'] = 'XXXXXXXXXXX'
app.config['AWS_COGNITO_USER_POOL_CLIENT_ID'] = 'XXXXXXXXXXX'
app.config['AWS_COGNITO_USER_POOL_CLIENT_SECRET'] = 'XXXXXXXXXXX'
app.config['AWS_COGNITO_REDIRECT_URL'] = 'XXXXXXXXXXX'

aws_auth = AWSCognitoAuthentication(app)

@app.route('/login')
def sign_in():
    return redirect(aws_auth.get_sign_in_url())

@app.route('/aws_cognito_redirect')
def aws_cognito_redirect():
    access_token = aws_auth.get_access_token(request.args)
    return jsonify({'access_token': access_token})

@app.route('/userdata')
#curl -sv 'https://api.saidevireddy.com/userdata' \ --header 'Authorization: <access_token>'  
def userdata():
    headers = request.headers
    access_token = headers.get("Authorization")
    data = aws_auth.get_user_info(access_token)
    return {
        'statusCode': 200,
        'body': json.dumps(data)
    }

@app.route('/')
@aws_auth.authentication_required
def index():
    claims = aws_auth.claims # or g.cognito_claims
    return jsonify({'claims': claims})

if __name__ == '__main__':
    app.run(host = '127.0.0.1', port=5005, debug= True)

Firstly, thank you for developing this plugin. It's very useful.

I was successfully able to integrate this plugin with my application on AWS with API Gateway.

In my code, both sign_in() and aws_cognito_redirect() works without any issues.
However, when I try to use aws_auth.get_user_info(access_token) in userdata(), I am getting the following error.

AttributeError: 'AWSCognitoAuthentication' object has no attribute 'get_user_info'

Hello,

I am a beginner in Python and Flask and trying to build an application. I am using Cognito in my app and using "from flask_awscognito import AWSCognitoAuthentication" library similar to yours.
I came across your profile from AWSCognitoAuthentication repo link and have few questions about the app.

1. How are you consuming the access token in the front end?
2. I tried to redirect to an S3 static html page and with set.cookie but the cookie disappears after the redirection. Can you please help me with this part?
3. Are you redirecting to API Gateway or S3 static page?(AWS_COGNITO_REDIRECT_URL)?

This project is currently unmaintained, and we don't expect to dedicate resources to it from now on, as our API development is moving out of Flask. So, we are in search of somebody that can take on the project and keep it in shape for the foreseeable future. If you feel like you can be that person, please let us know ASAP. Fame, glory, and honor await you!

I'm using this package for my dash dashboard (built on top of flask).

Works perfectly for the initial login but as soon as the access token runs out I hit problems. If the user refreshes the page they get redirected to the AWS login and everything is well, but until that point the page just appears broken and there's no simple way I'm aware of to trigger a web refresh from the server (maybe server sent event but I don't want to mess around with that for a simple auth flow).

Is there no InitiateAuth equivalent?

Hello,

According to my understanding, this library needs the "Client Secret". Can we use this library without Client Secret?

Thank you,
SaiJeevan

I ask because there are features in master that I would like to use in one of my projects. For example AWSCognitoAuthentication.get_user_info

Hello,

After updating flask to 2.2.3 I'm seeing this deprecation warning coming from flask-awscognito:

venv/lib/python3.10/site-packages/flask_awscognito/plugin.py:3: DeprecationWarning: '_app_ctx_stack' is deprecated and will be removed in Flask 2.3.
    from flask import _app_ctx_stack, abort, request, make_response, jsonify, g

Could you please advise how to deal with it so it does not block future flask updates?

As per the code get_user_info is added to this repository but while installing it via pip, it's not available in 1.3 latest version as well. Can we have it released in some version so as to use it?