CCM-7248: udpdate docs

NHSDigital · Nov 14, 2024 · bdb49c8 · bdb49c8
1 parent 05d9ec9
commit bdb49c8
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 59 deletions.
diff --git a/.env.template b/.env.template
@@ -1,9 +1,4 @@
-# These are the settings for the dev user pool
-USER_POOL_ID=eu-west-2_fhHtnXS3G
-USER_POOL_CLIENT_ID=<client ID>
-HOSTED_LOGIN_DOMAIN=<domain>
+USER_POOL_ID=<user pool ID> # Check the README.md
+USER_POOL_CLIENT_ID=<client ID> # Check the README.md
+USE_LOCAL_AUTH='true' # when true will create a new cognito sandbox
 
-# These are settings to allow redirects from auth
-AWS_APP_ID=<templates AWS app ID>
-NOTIFY_SUBDOMAIN=<templates subdomain>
-NOTIFY_DOMAIN_NAME=<templates domain name>
diff --git a/README.md b/README.md
@@ -39,23 +39,33 @@ Read more about the technical design at [REFCOM-2024-007: WebUI User Auth](https
     npm install
   ```
 
-### Setup .env or Environment variables
+### Setup .env
 
-#### Env Var: USER_POOL_ID
+copy and rename `.env.template` to `.env`
+
+#### USER_POOL_ID (optional)
 
 1. Log into the `nhs-notify-iam-dev` AWS account
 2. Load AWS Cognito
 3. Open `nhs-notify-main-app` Cognito user pool
 4. Grab `User pool ID` value
 
-#### Env Var: USER_POOL_CLIENT_ID
+#### USER_POOL_CLIENT_ID (optional)
 
 1. Log into the `nhs-notify-iam-dev` AWS account
 2. Load AWS Cognito
 3. Open `nhs-notify-main-app` Cognito user pool
 4. Load `App integration` tab
-5. Find (at the bottom of the page)
-6. Grab `Client ID` value
+   1. Found (at the bottom of the page)
+5. Grab `Client ID` value
+
+#### USE_LOCAL_AUTH
+
+```
+true/false
+```
+
+When `true` a new Cognito instance will be created within the Amplify sandbox. You'll need to manually add users.
 
 ### Setup a user in Cognito
 

diff --git a/amplify/auth/resource.ts b/amplify/auth/resource.ts
@@ -1,49 +1,20 @@
 import { DeepPartialAmplifyGeneratedConfigs } from '@aws-amplify/plugin-types';
 import { ClientConfig } from '@aws-amplify/client-config';
+import { defineAuth } from '@aws-amplify/backend';
 
-const appId = process.env.AWS_APP_ID;
-const subdomain = process.env.NOTIFY_SUBDOMAIN;
-const domainName = process.env.NOTIFY_DOMAIN_NAME;
-
-export const authConfig: DeepPartialAmplifyGeneratedConfigs<ClientConfig> = {
-  auth: {
-    aws_region: 'eu-west-2',
-    user_pool_id: process.env.USER_POOL_ID,
-    user_pool_client_id: process.env.USER_POOL_CLIENT_ID,
-    oauth: {
-      identity_providers: [],
-      domain: process.env.HOSTED_LOGIN_DOMAIN ?? 'no-domain',
-      scopes: [
-        'openid',
-        'email',
-        'profile',
-        'phone',
-        'aws.cognito.signin.user.admin',
-      ],
-      redirect_sign_in_uri: [
-        `https://${subdomain}.${appId}.amplifyapp.com/auth/`,
-        `https://${subdomain}.${domainName}/auth/`,
-        'http://localhost:3000/auth/',
-        'http://localhost/auth/',
-      ],
-      redirect_sign_out_uri: [
-        `https://${subdomain}.${appId}.amplifyapp.com/`,
-        `https://${subdomain}.${domainName}/`,
-        'http://localhost:3000/templates/create-and-submit',
-        'http://localhost/templates/create-and-submit',
-      ],
-      response_type: 'code',
+export const remoteAuthConfig: DeepPartialAmplifyGeneratedConfigs<ClientConfig> =
+  {
+    auth: {
+      aws_region: 'eu-west-2',
+      user_pool_id: process.env.USER_POOL_ID,
+      user_pool_client_id: process.env.USER_POOL_CLIENT_ID,
     },
-    username_attributes: ['email'],
-    standard_required_attributes: ['email'],
-    user_verification_types: ['email'],
-    unauthenticated_identities_enabled: false,
-    password_policy: {
-      min_length: 8,
-      require_lowercase: true,
-      require_uppercase: true,
-      require_numbers: true,
-      require_symbols: true,
+  };
+
+export const sandboxAuthConfig = {
+  auth: defineAuth({
+    loginWith: {
+      email: true,
     },
-  },
+  }),
 };
diff --git a/amplify/backend.ts b/amplify/backend.ts
@@ -1,7 +1,13 @@
 import { defineBackend } from '@aws-amplify/backend';
-import { authConfig } from './auth/resource';
+import { remoteAuthConfig, sandboxAuthConfig } from './auth/resource';
 
-const backend = defineBackend({});
-backend.addOutput(authConfig);
+let backend;
+
+if (process.env.USE_LOCAL_AUTH === 'true') {
+  backend = defineBackend(sandboxAuthConfig);
+} else {
+  backend = defineBackend({});
+  backend.addOutput(remoteAuthConfig);
+}
 
 export default backend;