How do I do user session management integration with AWS Cognito?

We have an existing API which the Crowdbotics app uses for data.

The Crowdbotics app authenticates with our API via an API key in all requests. We are adding a feature for users to be able to create, read, and delete items via our API.

Crowdbotics is adding user session management to the Crowdbotics app, and we need to integrate that with our user authentication setup. Our API uses AWS Cognito for user authentication. We want to verify the user logged into the Crowdbotics app in our API so that we can confirm the requesting user is authorized to create, read, or delete an item via our API. I need to know how to configure Cognito to integrate with the Crowdbotics app’s user authentication, what the flow of information/tokens will be, and what I need to implement in the API to make this happen.

2 Likes

cc @evan to be informed. @dmitrii.k could you provide your valuable help here?

1 Like

@jorge.m thanks for the mention, and @paul.poladstranspare thanks for your question!

Your Crowdbotics app runs Django on the back end, so integrating AWS Cognito should be relatively straightforward. This is more of a development rather than infrastructure matter, and your app is containerized with Docker anyway.

If you would like to integrate Cognito into Django, this answer should be a good starting point for your developer.

If there is anything else I can help you with or if you want more clarification - just let me know.

Thanks @dmitrii.k for the Django pointer.

What is the best way to pass user info from the Crowdbotics app to the API? id_token or access_token in the request URL Crowdbotics app backend -> our API (so the API can use the token in a request to Cognito to independently verify user info)?

The API backend needs to verify that the logged-in user is authorized to create, read, or delete the item.

1 Like

Just a follow-up here as we are getting there. @dmitrii.k any insight on Paul's question?

1 Like

You are most welcome, @paul.poladstranspare.

I’m not familiar with your particular app’s architecture, so I wouldn’t be able to tell you which way is the best for your specific app and needs. Your best course of action is to ask your developer about this.