Has anyone implemented auth with AWS Cognito??
Regards
Chris
Has anyone implemented auth with AWS Cognito??
Regards
Chris
This is an old question, but wanted to mention this is possible. At a high level this involves:
http://localhost:/login
https:///login
http://localhost:/logout
https:///logout
For panel you’ll need to configure it to use the ‘auth_code’ oauth_provider, and supply the following values as either env variables or in pn.serve():
OAUTH_KEY=<the cognito client id (not the user pool id)>
OAUTH_AUTHORIZE_URL=<one of the login callback urls you specified, localhost for local>
OAUTH_TOKEN_URL=
Note: there are plenty of additional steps and sharp edges depending on how your Panel app and Cognito can be configured, this will hopefully get you started.
The default env variables I mentioned are actually slightly different (we read them in manually), they are prefaced with PANEL_, see Configuring OAuth — Panel v1.4.3
I don’t recommend using AWS Cognito (inaccurate documentation, lots of hard-to-debug edge cases). I’ve had a much better experience with Auth0.
However, if you must use AWS Cognito, I recommend separating the authentication logic from your Panel app. I’ve done this by writing a reverse proxy that handles authentication on behalf of my Panel app, which allows for the easy re-use of the authentication logic for other apps. I’ve done it with Node.js, but there are other alternatives.
Essentially, you put a container in front of your app and add the authentication layer there; if a user provides the correct set of credentials, you let them pass (and pass any authentication data via HTTP headers).
My team develops an Auth0 plugin for Panel, so if that’s an option, check us out!
Update… i was able to setup an Application Load Balancer which would take care of Cognito auth before the request is sent to the Holoviz Panel web app behind the load balancer. Now I require to provide a log-out button.
I’m able to configure the logout based on this documentation Logout endpoint - Amazon Cognito
but the session does not expire…
Regards
Chris
Auth0 is not a option right now