SSO
This is the Single Sign On application to authenticate with AWS Cognito service.
This project has different targets.
- Create a React standalone application. Here
- Crerate a library to integrate with other React projects. Here
SSO Application
This is the application to process the authentication of the user using AWS Cognito service.
The application has following features
- Authentication of the user
- Change password of the user
- Forgot password procedure of the user
- Control of rotation fo the password
The application is preconfigured with default parameters that you need to customize. You have to set a global object to override values of the configuration. The global object you need to override is global.bookassist.auth
Configuration
Global properties of global.bookassist.auth
| Name | Type | Description |
|---|---|---|
| enviroment | enum [ secure | sso ] | Define the environment of the authetication. Secure and SSO have different AWS Cognito Pool |
| authSever | url | Endpoint of the SSO Server Auth |
| i18nEndpoint | url | Endpoint to get JED i18n feed |
| gaAccount | string | Google Analytics account |
| captchaKey | string | ReCaptcha v2 key to use |
| confirmWithServer | bool | If this flag is true, the application confirms with SSO Server Auth the identity of the user. If it's false, the AWS Cognito identity is enough |
| aws | object | AWS Amplify configuration |
Properties of aws
| Name | Type | Description |
|---|---|---|
| Auth | object | Configuration of the Auth |
Example of the global object
{
"environment": "secure",
"authServer": "https://auth.milocalhost.com",
"i18nEndpoint": "https://api.milocalhost.com/master/i18n/bookassist.i18n.HotelAdminRB/{0}/jed",
"gaAccount": "UA-25321856-1",
"captchaKey": "6Lc9vSUTAAAAAGNnZJGco_7GxWAWuZ9n99DSQw1V",
"confirmWithServer": false,
"orderActionButtons": "cta-right",
"aws": {
"Auth": {
"identityPoolId": "eu-west-1:d1105de5-c924-4f4c-8e6c-bc5be3df684f",
"region": "eu-west-1",
"userPoolId": "eu-west-1_NycYtNl1g",
"userPoolWebClientId": "p21h8qinoaculq94vmqmahigd",
"mandatorySignIn": true,
"authenticationFlowType": "USER_PASSWORD_AUTH",
"clientMetadata": {
"userLang": "en",
"pci": "true"
}
}
}
}Build app
This project is using webpack to build the app, so you can execute
yarn install && yarn build:app
After you build the application the result is in the dist directory.
dist
├── ba-sso-component-styles.css
├── config.js
├── favicon
├── fonts
├── images
├── index.html
└── sso.min.jsDocker environment
The project can create a Docker image to run the application. The image is based on nginx.
As same as other apps, you have to build the docker image of this project. To build that, you have to run following command.
docker build -t 479499153175.dkr.ecr.eu-west-1.amazonaws.com/bookassist/sso-auth .For developer environment, you probably want to use a local registry instead of ECR
docker build -t registry.localhost:5000/bookassist/sso-auth .SSO Library
The project can also create a library to use the component inside an application. The library is take into account you can use the component in different environments.
- React Web Application
- Standalone in a web page
The library exports some UI components and some functions to work with the component and control workflows.
Components
The library exports 3 components
| Component | Description |
|---|---|
| SSOComponent | This is to use in a non-react application |
| SSOReactComponent | This is to use in a react application |
| SSOWrapper | This is to use in a react application but using redirections instead of embedded component |
Properties of the components
| Property | Type | Controls | Description |
|---|---|---|---|
| forceSignIn | bool | All | Flag to force login when control is created. Default false |
| language | string | All | Language code to translate the keys. Default is "en" |
| signInUri | uri | SSOWrapper | URI where the control has to redirect when the user is not logged in |
| enabledAnalytics | bool | All | Flag to enable Google Analytics. Default true |
| enabledHotReload | bool | All | Flag to enable hot reload. Default true |
| childrenToControl | control | All | HTML or React controls to render is the user is logged in. Default null |
| loginFormContainer | control | SSOReactComponent, SSOWrapper | Container where SSO form is mount |
| withCaptcha | bool | SSOComponent, SSOReactComponent | Flag to show captcha on sign in dialog. Default false |
| checkCaptcha | bool | SSOComponent, SSOReactComponent | Flag to check captcha into control. The parameter depends if withCaptcha is enabled. Default is true |
| minPasswordLength | number | SSOComponent, SSOReactComponent | Minimum length of the password. Default 8 |
| displayBehaviour | enum [ embedded | wrapper | wrapperWithHeader ] | SSOComponent, SSOReactComponent | Behaviour of the control to wrapper other controls. Default wrapperWithHeader |
| initialAction | enum [ normal | changepass | logout ] | SSOComponent, SSOReactComponent | Initial action if the user is signed in. Default normal |
| redirect | uri | SSOComponent, SSOReactComponent | redirect URL to redirect after sign in. Default null |
| callback | function | SSOComponent, SSOReactComponent | Callback function. Default null |
| theme | enum [ Classic | Modern ] | SSOComponent, SSOReactComponent | Theme to use into control. Default Classic |
| hasTemporaryPassword | bool | SSOComponent, SSOReactComponent | A flag to know if the static use has temporary password. Default false |
| checkURL | bool | SSOComponent | Flag to parse URL parameters. Default true |
| container | string or HTMLnode | SSOComponent | The container to put the control. You can set and valid document query parameter or and DOM element. Default "#sso" |
Functions
The library also exports some functions
| Function | Description |
|---|---|
| retrieveUserInformation | Retrieve the user information from AWS Cognito |
| retrieveCredentials | Retrieve AWS Cognito Tokens |
| signOut | Sign Out from SSO |
| changePassword | Go to change password form |
retrieveUserInformation
Retrieve user information of current user
parameters
| Parameter | Type | Description |
|---|
output
Object that contains following properties
| Propety | Type | Description |
|---|---|---|
| username | string | Username of the current user |
| userid | number | Id of the user |
| accountId | string | Account linked to the user |
| name | string | Full name of the user |
| string | email of the user | |
| phone | string | Phoner of the user |
| lastLoginDate | string | Last date that the user was logged in |
| status | enum [ ACTIVE | PASSWORD_EXPIRED | USER_EXPIRED | DISABLED | TEMP_PASSWORD | TEMP_PASSWORD_EXPIRED ] | Status of the user |
| administrator* | bool | Flag to know if the user is an administrator of the account |
| hotelId* | number | The id of the hotel that the user is linked to |
| guideId* | number | The guide of the hotel that the user is linked to |
| hotelGroupId* | number | The id of the group that the user is linked to |
NOTE: * means this field is deprecated
retrieveCredentials
Retrieve AWS Cognito credentials. Usually contains JWT
parameters
| Parameter | Type | Description |
|---|
output
Object with following properties
| Propety | Type | Description |
|---|---|---|
| accessToken | string | Access token from AWS Cognito |
| idToken | string | Identity token from AWS Cognito |
| refreshToken | string | Refresh token from AWS Cognito |
Example
{
"accessToken": "ydashdalk...",
"idToken": "jbdslkj2783..",
"refreshToken": "jdkas=_ksajhd..."
}signOut
Sign out from the Single Sign On globally
parameters
| Parameter | Type | Description |
|---|---|---|
| message | string | Message or reason to sign out. Default '' |
| callback | function | Callback to execute when signed out. Default () => {} |
output
None
changePassword
Go to change password
parameters
| Parameter | Type | Description |
|---|
output
None
Build library
To build the library you can execute
yarn install && yarn build:lib
Publish library
You can publish this library to a npm repository.
yarn publishUsing in a React project
First of all you have to include the library in your project
yarn add @bookassist/ba-ssoor you can use npm
npm install @bookassist/ba-ssoYou have to wrapper your application with a component
import { SSOWrapper } from '@bookassist/ba-sso'
...
<SSOWrapper signInUri={ 'https://login.bookassist.com' }>
<div>My application</div>
</SSOWrapper>In case you want to use only the wrapper, you can import from a compat file
import SSOWrapper from '@bookassist/ba-sso/dist/ba-sso-wrapper'
...
<SSOWrapper signInUri={ 'https://login.bookassist.com' }>
<div>My application</div>
</SSOWrapper>Using a function
import { retrieveUserInformation } from '@bookassist/ba-sso/dist/ba-sso-functions';
...
const myFunction = () => {
retrieveUserInformation()
.then(user -> {
// your code of user
})
}Using in a page
You have to include the CSS file and the Script file. You can pick them from the dist directory after you build the application.
The application needs an HTML container with id sso.
<!doctype html>
<html>
<head>
<title>Bookassist SSO</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<script type="text/javascript">
window.signInCallback = function() {
alert('Signed In');
};
</script>
<link href="./ba-sso-styles.css" rel="stylesheet">
</head>
<body class="ha-login">
<div id="sso"></div>
<script type="text/javascript">
<!-- Override values -->
</script>
<script type="text/javascript" src="./ba-sso-component.js"></script>
<script type="text/javascript">
SSOComponent = window["ba-sso-component"].SSOComponent;
var c = new SSOComponent({ "displayBehaviour": "embedded" });
c.run();
</script>
</body>
</html>