Authentication, Authorization, Identity

:::note WIP These docs are currently incomplete, and offer only a high level overview currently. :::

Project Structure

• Directorypackages

  • Directorycognito

    • cognito-post-confirmation.test.ts
    • cognito-post-confirmation.ts
    • cognito-pre-signup.test.ts
    • cognito-pre-signup.ts
  • Directoryapi

    • Directorycontrollers

      • user.ts
    • Directorymodels

      • User.ts
  • Directorycdk # see the Cloud Infrastructure guide for more details

    • Directorylib

      • Directoryconstructs

        • Directorytables

          • UserTable.ts
        • Auth.ts

Code Genie projects use Cognito User Pools to handle User Identity.

The API Gateway API is configured with a Cognito Authorizer, verifying and caching the JWT.

The Express API grabs the claims from the JWT. It trusts the validity of the JWT since it has already been validated by APIGW.

The frontend uses the Amplify JavaScript Library’s Auth Module Amplify Auth.

Note

The User Pool only stores user information required for authentication. All other user data should be stored in the User DynamoDB Table.