AWS Cognito in Go P1 - IAM, User Pool, Sign Up API

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

all right everybody today we're looking at amazon cognito the simple and secure user signup sign in and access control um cognito is amazon's built-in identity management and it's a nice way to handle your authentication as a great free tier program with 50k active users for free per month um so kind of the whole pattern that you want to use this in you got some user you got some app it's a web app or mobile like ios app or android app or something like that mobile device and you need to call your backend service right you're back in service give some data back you got to be able to sign in your users sign up handle forgot passwords that all that kind of stuff and maybe maybe even you have a little micro service um system set up here where you need to be able to have a user request a single service and this service has to reach out to service b or server c and you need people to know this request has been authenticated right so how do you do that um well you do that with tokens right your user will sign in they'll get a token they'll pass it to your service your service will take that token and pass it through um showing that this request has been authorized throughout your system um and ways of doing that um you can roll your own you can just do a custom identity manager uh that's not really recommended there's um there's a lot of risk that goes with it um and for like just a little small scale app there's not much reward to it so i'd highly recommend using a managed provider like cognito and today we'll be building out a little authentication flow and service and go i find that aws doesn't have very strong documentation and go there's not a lot of usage and there's not much good content out there how to actually build stuff on aws and go link so that's the goal for today hopefully you find this valuable let's jump in all right so to use the aws sdk from our service we're going to need to create a user so you can go ahead and go to iam in your console up on here and just select users or you can click on the left hand side here add user and let's say cognito demo user and we want programmatic access here which gives us an access key id and a secret access key so check that out permissions and let's see here we'll try to use an existing policy here and let's just find cognito and let's see so this looks good i think mainly we want the cognito user pools so we can use this one here if you want to use this in production i'd recommend building a custom one for this we'll just do power user and next so we don't need any tags these are kind of metadata about the user um so you could say like description something along those lines this user is used uh you know in x service so you could do something like that we don't need that we'll leave that blank let's review looks good and we can create the user okay so here's our user here's our access key id and secret access key don't worry by the time this video airs this user is going to be long gone and these will not uh these will not be around anymore so make sure you copy these two clipboard and next we'll take these back to our service all right let's take a look at our code here so i've got a basic project set up here just called cognito demo i've run go mod init go mod init to set up this project here and i have a dockerfile docker compose domain.go main.go is totally empty right now i have a folder package off and aws this is where we'll put all of our code that's going to basically interact with the aws sdk if you're interested in learning a little bit about go app structure i really recommend take a look at this gophercon talk about kat zine she runs through some really cool um structures that she's used in her professional career previously and i'm just a big fan of this one whole cmd package structure and then have various packages within so kind of using a watered-down simplified version of this i'll put the link in the description make sure you guys check that out it's a really cool talk okay um so we're gonna be building a little micro service here and let's get a router so we're just gonna go through as simple as we can as basic as we can so for this i'm going to use chi gochi it is a lightweight easy to use router big fan of it so let's figure out their getting started guide here so install it we'll run this command and that's not pasting there we go go ahead and run that commands and now we'll just copy over their code right here bring it into maine go land takes care of our imports and the last thing we want to do is set up a port here so we're using um to figure out where we're going to get this port from don't just want to run on 30 3000. inside of our docker compose we have this set up here we just have a single service it's just called web we're just building from this docker file here we're exposing this pork 8080 and in the environment variables we're setting that port also we have our aws access key id and secret access key that we created earlier okay for the docker file it's also really simple um we just take the base image from golang don't care about the version just trying to keep this basic basically add everything change that directory build everything expose that port and run it so just as simple as can be go ahead and find these in the repository i'll link with the source code so we need to look for this environment variable so we can say port os dot get in and we're just looking for port and then here for our connection string we'll just do a little sprint f and we'll give it a string okay so there's a super basic um basic server set up let's run this docker compose up build and it's going to run and looks like we're started so let's curl it now and we see we get back welcome right here and we get a little log statement from this uh fancy middleware did we get for free okay that looks good uh let's move on here all right so we're back in our main.go we have our environment variables all set up so now let's make an endpoint for our users to sign up so r.post we'll call it sign up that's our endpoint and it'll just be our sign up handle so let's make this handle function and handler functions need to look like this then you take that response writer and request and we'll just write back sign up okay so things we need to do in here um it's a post so we're going to get a body with it so we need to parse the request body we need to build a sign up request for aws and we need to make the set of requests okay so for this let's make it just a basic structure we'll say sign up quest and this is what we're going to decode into basically so when you make a post request um you got to decode the body and we'll decode it into this into one of these starts so this will have a username it's just a string and json will be lowercase username password also a string and the json will be lowercase password all right so here we'll parse that request body so to do this um we'll make a we'll make a strike so we'll do correct we'll call it req and it's a sign of request and now you can use this built-in json.new decoder give it r.body and we'll say decode into the address request okay and this should return an error and if error does not equal nil we gotta handle that error so we'll do that http dot error we'll say so it needs the response writer needs the error string and it needs a code and we'll say bad request if we're not able to decode the body probably means they give us a bad looking press body all right so now this is where we get to the sdk stuff and to do this we actually kind of need the sdk so let's talk about how we're going to get that that's going to live in here in this package off aws let's go find the golang amazon sdk so i have it here um you can just google aws sdk for go find it right there let's do getting started so all you need to run here are these commands go get this gets us the base sdk this gets us the config package which helps us parsing our environment variables and then we need our specific services and the specific service we want is cognito identity provider and this package lets us do things like create user pools we can authenticate users we can sign in sign up validate users confirm users etc so this is the one we want so we can copy this we can just do a quick go get all right so we have all of our packages um so let's start doing things all right so this is the getting started page again for aws and you can see down here they have some more getting started code here so the basic gist you load in your config and this is getting it from your environment variables right your secret access key the region etc load it in check for any errors and then otherwise you can just create a client from our package so we'll do our cognito identity provider dot new from config and then you have access to all of the clients functions so let's copy just this here we're going to say funk init and just don't turn anything down okay so config and it just automatically loads that in context let's get it from just the context package here and i'm going to change this to background background and to do are identical i just don't like seeing to do there okay so now we have config there so now let's do cognito yep so cognito identity provider dot new from config so let's do that and i'm gonna alias this to cip just to make it easier to type and what does this take this just takes a config and some optional parameters so you just do cfg and that returns a pointer to the client so that's just what we need and i'm going to make a structs to hold this client because we're going to need one other thing in it as well so we'll do you know client we'll call it that just build a basic struct and we need our app client id in there which is just a string um and then it's gonna it's gonna have a pointer to cip.client okay and we should be able to return one of these guys now so let's do address needle client and let's return one so this takes a string and this okay whoops this needs a comma all right there we go and remember we have this client id right here in the environment so we can do os dot get and paste the key okay so this sets us up this uh gets all of our config parts from the environment and we just return our struct which is just basically a wrapper around this client but it just has an extra field which is our client id and we'll use this in a bit here so let's jump back to main so if error just okay right here let's just panic panic is not something you always want to do this is proud if you're writing some product handle that error better for this video we're just going to panic okay and let's build that client out so let's say cognito client is equal to off.net and that should be good yeah unused variable all right so chi has an awesome middleware uh called with value and it takes a key which can be anything and it also takes a value so the key we'll just say cognito client and the value is just going to be this all right so it's cognito client is our key and it's a pointer to this struct that we made all right so that should be in the context of every request and we can test that out so let's try that git client from context let's do that um we'll say incognito client okay equals r dot context dot value and we said it was cardinal we didn't said it was this here and we just need to cast this to be off dot needle client and let's check it so if not okay that means there was a problem getting it from the context and casting it to this pointer this um off dot connect line pointer will return an error and we'll say could not retrieve cognito client from context and this is an internal server there this is something on our side oh right and let's just test this out so we're going to try to call this signup endpoint and it should parse our request body it should try to pull the cognato client out from the context and it should return sign up so let's go ahead and build this docker compose up build and i'm going to use curl but i've made this body.json file here and i've just given it a username and a password and it's just what we need to make this request work so you can do pearl um you do curl and give it the endpoint and if you pass this parameter d you can just do at the file name and it will make the request alright so we see it went through um yeah no errors so we were able to pull this out in context and we returned our sign up so awesome so now let's make that sign up request so let's hop back here let's look at the exact function we want to call so there is a sign up function in here and this package click that and it registers the user in the specified user pool and creates a username and password and all of our attributes so it takes a context which we'll just get from our request and it takes the input this uh special input parameter here these are just optional functions you can look at those we won't take a look at that today so let's take a look at this input object okay so we see it takes a client id and that is in our cognito client struct we can just pull it out of there and then it takes the password and username and everything else in this struct is just optional remember in the user pool when we said no to the client secret if we would have said yes we would get a client secret and we would need to generate a hash each time with that secret plus the client id the app client id um and the username each time um each time we made that request so it's just like an extra layer of security in your application you can do it we're not going to do that today okay so this is a sign up input so we know that so we'll say aws request is a sign up input and this needed the client id which remember we can get from here our cognito client dot app client id and then it needs a username which we're going to get from our request.username and password and my request password okay and this is complaining um these take aws strings which are basically just a string but it's a little wrapper that you have to do pretty much every time you're working with the aws sdk and go so let's put those in okay so there's our request and now we can make our actual call so we can do cognitive client dot sign up and it took a context so r.context if the user's connection and request gets cancelled we'll also cancel our request to aws so we kind of save resources there we pass in the aws request object we just made so now this returns a sign up output and an error so i don't really care about the output for now just care about the error and if error does not equal nil we're just going to duplicate this and this will be an internal server error this time we've already defined error okay so yep parsing the request getting our client from context we're building the aws request and we're making the request so let's go ahead and rerun this i'll skip ahead all right and we're back we're up and running so let's go ahead and make that request let's see what happens so we get sign up we got 200 back and here's it logged so this should have actually signed up a user so if we hop back to browser jump to our user pool let's go to users and groups and let's refresh the page so here we see we got dev that's our user that we just created here they're enabled but they're unconfirmed so this is the first part of the flow you sign up and then we have to confirm the user we just created and then they can sign in afterwards so we'll handle the confirming users in the next video so thanks for watching make sure to like comment and subscribe on the video really helps out the channel and we will see you soon

Info

Channel: devtopics

Views: 277

Rating: undefined out of 5

Keywords: aws, cognito, golang, go, programming, identity, authentication, sign in, sign up, amazon, amazon web services

Id: GfKQEN65Vtg

Channel Id: undefined

Length: 21min 6sec (1266 seconds)

Published: Fri Jun 11 2021