bc-server – service user AWS
This is a user service which maps AWS Cognito users and groups into BeyondCron users and roles.
Configuration variables
The following configuration variables can be defined using the config set command. Once set, the service can be loaded/reloaded using the user service reload command.
beyondcron.user.service | AWS |
aws.access.key.id | AWS access key ID. Default is derived by the default credential provider chain. |
aws.secret.access.key | AWS access key secret. Default is derived by the default credential provider chain. |
aws.region | AWS region. Default is derived by the default region provider chain. |
aws.cognito.client.admin.id | Cognito admin app client id. This app client is used for authenticating users, and must be created without a secret and with ADMIN_NO_SRP_AUTH enabled. |
aws.cognito.client.reset.id | Cognito password reset app client id. This app client is used for resetting user passwords, and requires a secret. Setting ADMIN_NO_SRP_AUTH is not required. |
aws.cognito.client.reset.secret | Reset app client secret. |
aws.cognito.pool.id | Cognito user pool id. |
aws.cognito.refresh.period | Period in minutes after which the Cognito user/group → BeyondCron user/role mappings are refreshed. The command user service refresh can be used to refresh on demand. Default is 15 minutes. |
beyondcron.user.service.user.create | Allow BeyondCron to create new users. Default is false. |
beyondcron.user.service.user.validate | Allow BeyondCron to validate users, rather than requiring validation via a welcome email. Default is false. |
beyondcron.user.service.password.change | Allow users to change their password using BeyondCron. Default is false. |
beyondcron.user.service.password.reset | Allow users to reset their password using BeyondCron. Default is false. |
aws.secret.access.key & aws.cognito.client.reset.secret are secret configuration variables, and as such can only be viewed by users with write access to /_beyondcron/configuration.
Pool attributes
This service requires the following attributes to be defined for the user pool.
Attribute | Type | Min length | Max length | Mutable |
---|---|---|---|---|
standard | — | — | — | |
given_name | standard | — | — | — |
family_name | standard | — | — | — |
data | custom string | 0 | 2048 | yes |
Example
BeyondCron % config set aws.access.key.id AKIAIT…
BeyondCron % config set aws.secret.access.key o0BQNc…
BeyondCron % config set aws.region us-west-1
BeyondCron % config set aws.cognito.pool.id us-west-2_5Xv…
BeyondCron % config set aws.cognito.client.admin.id 5n6qc…
BeyondCron % config set aws.cognito.client.reset.id 2p01s…
BeyondCron % config set aws.cognito.client.reset.secret 1hd8p…
BeyondCron % config set beyondcron.user.service AWS
BeyondCron % user service reload
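Before reloading the service, the Cognito side can be checked against the app client and pool attribute requirements above. The following is an added example, not BeyondCron code: the function names are hypothetical, the input dicts follow the shape of the AWS DescribeUserPoolClient and DescribeUserPool responses, and the sample values are constructed. It assumes the custom attribute is listed as custom:data, and it also accepts ALLOW_ADMIN_USER_PASSWORD_AUTH, the name AWS now uses for the ADMIN_NO_SRP_AUTH setting.

```python
# Added example: audit Cognito settings against the requirements on this page.
# Function names are hypothetical; sample values below are constructed.
ADMIN_FLOWS = {"ADMIN_NO_SRP_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH"}  # legacy / current name
REQUIRED_ATTRS = ("given_name", "family_name", "custom:data")

def check_admin_client(client):
    """Admin app client: no secret, admin password auth flow enabled."""
    issues = []
    if client.get("ClientSecret"):
        issues.append("admin client must be created without a secret")
    if not ADMIN_FLOWS & set(client.get("ExplicitAuthFlows", [])):
        issues.append("admin client needs ADMIN_NO_SRP_AUTH enabled")
    return issues

def check_reset_client(client):
    """Password reset app client: a secret is required."""
    return [] if client.get("ClientSecret") else ["reset client requires a secret"]

def check_pool_schema(schema):
    """Pool: given_name, family_name and a mutable custom string 'data' (max 2048)."""
    by_name = {a["Name"]: a for a in schema}
    issues = [f"missing attribute {n}" for n in REQUIRED_ATTRS if n not in by_name]
    data = by_name.get("custom:data")
    if data:
        limits = data.get("StringAttributeConstraints", {})
        if data.get("AttributeDataType") != "String":
            issues.append("custom:data must be a string")
        if not data.get("Mutable"):
            issues.append("custom:data must be mutable")
        if int(limits.get("MaxLength", 0)) != 2048:
            issues.append("custom:data max length must be 2048")
    return issues

# Constructed sample responses (placeholders, not real identifiers).
SAMPLE_ADMIN = {"ClientId": "admin-client-placeholder",
                "ExplicitAuthFlows": ["ADMIN_NO_SRP_AUTH"]}
SAMPLE_RESET = {"ClientId": "reset-client-placeholder",
                "ClientSecret": "placeholder-secret"}
SAMPLE_SCHEMA = [
    {"Name": "given_name", "AttributeDataType": "String", "Mutable": True},
    {"Name": "family_name", "AttributeDataType": "String", "Mutable": True},
    {"Name": "custom:data", "AttributeDataType": "String", "Mutable": True,
     "StringAttributeConstraints": {"MinLength": "0", "MaxLength": "2048"}},
]

if __name__ == "__main__":
    print(check_admin_client(SAMPLE_ADMIN) + check_reset_client(SAMPLE_RESET)
          + check_pool_schema(SAMPLE_SCHEMA))
```

An empty list from each check means the pool and app clients match what this service expects.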