Monday 19 March 2018

AWS Cognito User Pools, Lambda and Box integration



Feb 2022 - this post has permanently moved to https://architectfwd.com, my new site, and can be found here: https://architectfwd.com/architecture/cloud/amazon-web-services-aws/cognito/user-pools/2022/01/23/aws-cognito-user-pools-lambda-and-box/ . Please bookmark that site for all of my future content.


In my previous posts I have been using Azure Functions and B2C. I had a use case I wanted to try out, so I stood up an AWS Cognito User Pool with two Lambda functions connecting to a Box app using the Box sample code [1]. The process was simple and I managed to stand up the site really quickly, so I was very impressed. I'd been keen on using Cognito for a while as an identity pool, and I had only created my AWS account the day before, so all in all a great experience.

Here's what the solution would look like:


Cognito

I created a sign-in / sign-up policy similar to the B2C one, and the pool config was really easy. I created and linked up a box.com app.




I was then tasked with the Box-specific Lambda functions: one for post-authentication and one for creating the user in Box.

Lambda 

Two Lambda functions and a couple of roles later, I was connected up. I used a sample Angular app, wired up the AWS and Box config and was away, except that I had to increase one of the functions' timeout to 5 seconds once I stood up the Angular app in Azure; it kept timing out. Cognito invokes User Pool Lambda triggers synchronously and they must respond within 5 seconds; that limit is not configurable (and a new Lambda function's own timeout defaults to 3 seconds, so raising it to 5 seconds just matches the Cognito ceiling). Anything slower, such as a call out to Box, has to be bounded inside the function or the sign-in will fail.
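The trigger contract described above, as an added example that is not part of the original post or of the Box samples: a Node.js handler for the "create the user in Box" step that bounds the Box call so the function always answers inside Cognito's 5-second budget. The post does not say which trigger source it used, so this assumes PostConfirmation; `provisionBoxFolder` is a hypothetical injected function standing in for the real Box SDK call so the file runs offline.

```javascript
// Added example, not the post's own code: a Cognito User Pool Lambda trigger that
// provisions a Box folder for a newly confirmed user while always answering inside
// Cognito's 5-second budget. Assumes the PostConfirmation trigger source;
// `provisionBoxFolder` is a hypothetical injected function standing in for the Box SDK.

const COGNITO_TRIGGER_LIMIT_MS = 5000; // Cognito's hard limit for synchronous triggers
const SAFETY_MARGIN_MS = 1000;         // headroom for cold start and returning the response

// Race a promise against a deadline. Resolves to { ok: true, value } or { ok: false, error };
// the timer is always cleared so a fast result does not keep the Lambda alive.
function withDeadline(promise, ms) {
  let timer;
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`deadline of ${ms} ms exceeded`)), ms);
  });
  return Promise.race([promise, deadline])
    .then((value) => ({ ok: true, value }))
    .catch((error) => ({ ok: false, error }))
    .finally(() => clearTimeout(timer));
}

// Cognito can route several trigger sources to one function; only act on the expected one.
function isSignUpConfirmation(event) {
  return Boolean(event) && event.triggerSource === 'PostConfirmation_ConfirmSignUp';
}

// Build the handler with the Box call injected. The event must be returned to Cognito
// unchanged; for PostConfirmation, Cognito ignores anything placed in event.response.
function makeHandler(provisionBoxFolder, budgetMs = COGNITO_TRIGGER_LIMIT_MS - SAFETY_MARGIN_MS) {
  return async function handler(event) {
    if (!isSignUpConfirmation(event)) return event;

    const attrs = (event.request && event.request.userAttributes) || {};
    const user = { userName: event.userName, email: attrs.email };

    // Promise.resolve().then(...) turns a synchronous throw in the Box call into a rejection
    // so it is handled on the same path as a timeout.
    const result = await withDeadline(Promise.resolve().then(() => provisionBoxFolder(user)), budgetMs);

    if (!result.ok) {
      // Returning the event lets sign-up complete even when Box is slow or down;
      // throw instead if a Box folder is mandatory (Cognito then reports an error to the client).
      console.error(`Box provisioning failed for ${user.userName}: ${result.error.message}`);
    }
    return event;
  };
}
```

Because Cognito retries a trigger that does not answer in time, the provisioning step should be idempotent (create the folder only if it does not already exist), or a slow first attempt will leave duplicate folders behind.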


I also needed to create roles for the Cognito and Lambda integration. The first needed to be a Lambda service role with the AWSLambdaBasicExecutionRole managed policy, which is what grants the CloudWatch Logs permissions (create log group and stream, put log events). Cognito additionally needs a resource-based permission on each trigger function allowing lambda:InvokeFunction for the cognito-idp.amazonaws.com principal; the console adds this when you attach the trigger, but it must be added explicitly when wiring the trigger up by CLI or template. The second role needed a little more:



An API Gateway was needed to proxy requests to the Lambda function that does the token exchange with Box.



I also needed a Cognito User Pool authorizer on the API Gateway so that only signed-in users of the pool can reach the token exchange.


CORS

CORS was a nuisance. I ended up writing the CORS headers back in all responses from the function; I just couldn't get it to work otherwise. The origin should not be a *, I know, and I'll fix that. In any case the box.com app config provides one more CORS setting, which is tied to the correct domain.
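The "write the headers back in every response" approach, as an added example that is not part of the original post, with the wildcard already replaced by an explicit allow-list: a Node.js Lambda proxy handler that echoes only an allowed origin, answers the OPTIONS preflight itself, and emits no Access-Control-Allow-Origin at all for anything else. The origins in the allow-list are placeholders for the Angular app's real domain.

```javascript
// Added example, not the post's own code: CORS inside an API Gateway Lambda proxy
// integration. With proxy integration API Gateway returns the function's response
// verbatim, so the function itself must emit the CORS headers, including for the
// OPTIONS preflight. Origins below are hypothetical placeholders for the Angular app.

const ALLOWED_ORIGINS = new Set([
  'https://app.example.com', // deployed Angular front end (placeholder)
  'http://localhost:4200',   // local Angular dev server
]);

// Echo the request origin only when it is on the allow-list. Never answer with '*':
// a wildcard cannot be combined with credentials, and it lets any site read this
// API's responses from a visitor's browser. Unknown origins get no
// Access-Control-Allow-Origin at all, so the browser blocks them.
function corsHeaders(requestOrigin) {
  const headers = { Vary: 'Origin' }; // caches must not reuse one origin's answer for another
  if (ALLOWED_ORIGINS.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
    headers['Access-Control-Allow-Methods'] = 'GET,POST,OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Authorization,Content-Type';
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}

// API Gateway forwards header names as the client sent them; accept either casing.
function requestOrigin(event) {
  const h = (event && event.headers) || {};
  return h.origin || h.Origin || '';
}

function jsonResponse(statusCode, body, origin) {
  return {
    statusCode,
    headers: { 'Content-Type': 'application/json', ...corsHeaders(origin) },
    body: JSON.stringify(body),
  };
}

// Pure request-to-response mapping, kept synchronous so it is easy to unit-test.
// CORS is not an access control: the Cognito User Pool authorizer on the API gates
// who may call this route, and that check has already run when Lambda is invoked.
function buildResponse(event) {
  const origin = requestOrigin(event);
  if (event.httpMethod === 'OPTIONS') {
    return { statusCode: 204, headers: corsHeaders(origin), body: '' };
  }
  // The real function would exchange the authenticated Cognito identity for a Box
  // token here; the body is a stand-in.
  return jsonResponse(200, { ok: true }, origin);
}

// Lambda entry point (Node.js): an async handler returns the proxy response object.
async function handler(event) {
  return buildResponse(event);
}
```

One gateway detail that bites with a Cognito authorizer: browsers send the preflight without the Authorization header, so the OPTIONS method on the route must have its authorization set to NONE or the preflight itself is rejected and the real request never leaves the browser.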


Working app

It helped that I had some sample code from Box. With all this configured I have a custom user pool of users who each get their own folder in a box.com instance that they can upload documents to.

I stood this up in an evening, and was really impressed by the AWS Cognito User Pool service and the simplicity of the interfaces. The Lambda interface is awesome to use. Box.com app config is simple, and I am a long-time box.com user, so I think their user experience is great in general.

Closing

I want to spend more time with AWS. I may keep Azure B2C as an exploratory track, and rather throw my efforts in this direction.

References

[1] Box samples on GitHub


Cheers
Quintes


Connect with me on LinkedIn or Twitter