Federated Authentication flow - AWS Cognito as IDP - Microsoft Entra MultiTenant app
The solution I have chosen is:
1. use MSAL to initiate the PKCE auth flow on the client side - https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular
2. I have used the redirect approach (it is a bit poorly documented on the webpage, but chatGPT could fill the gap). Popup flow was very much straightforward, but redirect was a bit off for my use case.
3. I pass access token and idToken to the backend API.
4. Backend validates the accessToken with Microsoft
5. validate the aud of the idToken (to ensure that it matches the clientId of my App registration in Entra)
6. if all valid, take the claims from the token (uid, iss, tid, etc.), look them up in the internal identity storage and create/update with new info
7. Check status of user in Cognito and create/update with the new login data.
8. proceed with post-auth processing on the backend/client side.
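An added example, not code from the original post, of the backend-side checks behind steps 5 and 6 in Python. The client id, the tenant allow-list and the sample token are constructed; it assumes the token signature has already been verified against Microsoft's published keys (step 4) and uses the Entra oid claim as the stable user key.

```python
import base64
import json
import time

# Constructed values, not from the original post: our Entra app registration's
# client id (the expected aud) and the tenant ids allowed to sign in.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
ALLOWED_TENANTS = {"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def build_demo_token(claims: dict) -> str:
    # Constructed, unsigned sample token used only as test input here; a real
    # Entra id token is RS256-signed and must be verified against the JWKS.
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def decode_claims(id_token: str) -> dict:
    # Parse the payload of header.payload.signature. This does not verify the
    # signature; that is step 4 (validation with Microsoft) and must come first.
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    return json.loads(_unb64url(parts[1]))

def validate_id_token_claims(claims: dict, client_id: str,
                             allowed_tenants: set, now: int = 0) -> dict:
    """Step 5/6 checks; returns the identity claims to persist or raises."""
    now = now or int(time.time())
    tid = claims.get("tid")
    if tid not in allowed_tenants:
        raise ValueError(f"tenant {tid!r} is not allowed")
    # Multi-tenant apps see a tenant-specific issuer: pin it to tid so a token
    # from another tenant cannot pass on a matching aud alone.
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        raise ValueError("issuer mismatch")
    if claims.get("aud") != client_id:  # exact match with our client id
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now or claims.get("nbf", 0) > now:
        raise ValueError("token not valid at this time")
    if not claims.get("oid"):  # oid is the stable user key within a tenant
        raise ValueError("missing oid claim")
    return {"tid": tid, "oid": claims["oid"], "sub": claims.get("sub"),
            "email": claims.get("preferred_username")}
```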
Federated Authentication flow - AWS Cognito as IDP - Microsoft Entra MultiTenant app
just for references:
AWS documentation how to establish 3rd party OIDC auth flow https://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html
and here
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-oidc-flow.html
How to dynamically provide the T type of a generic method
The one calling
IDataInterface.Validate<T, TError>(values)
won't know the type of TError at compile time, since the specific implementation of IDataInterface is resolved only at runtime.
How to dynamically provide the T type of a generic method
maybe adding
IParserFactory
instead of the specific TParser
could help.
At the end, the parser will have to do the same, Parse<T>(Stream stream),
no matter the implementation. This could reduce the number of generics needed.
Same with TConverter