Uploaded by cyphercoda 001

UPgrad Cys Assignment

Answers.
• Create user pools. [50] (S), Register an app client. [100] (S)
Created a Cognito user pool and registered an app client.
• Add a list of employees in the User pool. [100] (S)

• Create groups and assign respective groups to employees. [100] (S)
Created the groups and assigned the respective groups to the employees.
• Integrate the Voting server and Voting client with Amazon Cognito using
OIDC. [100] (S)
Server/client_secret.json
client/client_secret.json
• Run the app. [200]
Running the application.
• Demonstrate the payload of the access token and id token and explain the usage and
difference between them. [100]
The above image contains the value labelled token id, which is
73da8216-4e65-4113-a355-358483fe5f07
and the value labelled JWT access token, which is
eyJjc3JmX3Rva2VuIjogIjB0THl0SUFnZEtUX05tZEZORmlFdTVELVFwaTU3a0tsIiwgIm
Rlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6VXhNaUo5LkltaDBkSEJ6T2k4dk1Ua3l
MakUyT0M0eE1DNHpOem81T1RrNUwyeHZaMmx1SWcuU1h2RW9wdzNDUlNLWjJZc
W5jbElsdU9iZWtMRVJFSC1ScnB1R1JZRnF3dVhHYnFHUFFsc2RNM3ljb0tiTjNxQ2I5U
nhDWm1MSnBwUlIxV0MxUW40RncifQ
Neither of these values is a token issued by Cognito. The first is a plain UUID, an opaque
identifier rather than a JWT. The second is a single base64 segment, not the three
dot-separated segments of a JWT; decoding it gives a JSON object with two fields, csrf_token
and destination. The csrf_token is the random value the client checks when the authorization
response comes back, to prevent cross-site request forgery on the login callback, and
destination is a small HS512-signed JWT whose payload is the URL to return to after login,
https://192.168.10.37:9999/login. Together they have the shape of the OIDC state value that
the voting client generates before redirecting the browser to Cognito's authorization
endpoint and checks when Cognito sends it back unchanged.
The actual access token and ID token are issued by Cognito after the user signs in, both as
RS256-signed JWTs. The access token (token_use "access") carries the scopes granted to the
app client and the user's cognito:groups; it is the credential the voting client presents to
the voting server to authorize API calls. The ID token (token_use "id") carries identity
claims about the authenticated user (sub, email, cognito:username, cognito:groups) so that
the application knows who signed in; its decoded payload is shown in the next answer.
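To see what the two pasted values really are, here is an added example written for this edit, not code from the project. It decodes them with only the Python standard library, classifies token-looking strings by their structure, and for contrast builds a token with the shape of a Cognito ID token from the payload in the next answer; the kid and signature of that constructed token are dummies, and parse_jws does not verify anything.

```python
"""Inspect the values pasted above and contrast them with a Cognito JWT.

Added example, not part of the project's code. The Cognito-shaped token built at
the bottom is constructed here for illustration (dummy kid, dummy signature) and
was never issued by a user pool.
"""
import base64
import json
import uuid

# The value the answer labels "JWT access token", re-joined across the line
# breaks that the document extraction introduced.
PASTED_VALUE = (
    "eyJjc3JmX3Rva2VuIjogIjB0THl0SUFnZEtUX05tZEZORmlFdTVELVFwaTU3a0tsIiwgIm"
    "Rlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6VXhNaUo5LkltaDBkSEJ6T2k4dk1Ua3l"
    "MakUyT0M0eE1DNHpOem81T1RrNUwyeHZaMmx1SWcuU1h2RW9wdzNDUlNLWjJZc"
    "W5jbElsdU9iZWtMRVJFSC1ScnB1R1JZRnF3dVhHYnFHUFFsc2RNM3ljb0tiTjNxQ2I5U"
    "nhDWm1MSnBwUlIxV0MxUW40RncifQ"
)
# The value the answer labels "token id".
PASTED_TOKEN_ID = "73da8216-4e65-4113-a355-358483fe5f07"


def b64url_decode(segment):
    """Decode base64/base64url without padding, as JWT segments are written."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def parse_jws(compact):
    """Split a compact JWS (header.payload.signature) into its parts.
    This does NOT verify the signature; that needs the issuer's public key."""
    header, payload, signature = compact.split(".")
    return {
        "header": json.loads(b64url_decode(header)),
        "payload": json.loads(b64url_decode(payload)),
        "signature": b64url_decode(signature),
    }


def classify(value):
    """Say what kind of thing a pasted token-looking string actually is."""
    if len(value.split(".")) == 3:
        try:
            jws = parse_jws(value)
        except (ValueError, UnicodeDecodeError):
            return "unknown"
        if not isinstance(jws["header"], dict) or "alg" not in jws["header"]:
            return "unknown"
        payload = jws["payload"]
        use = payload.get("token_use") if isinstance(payload, dict) else None
        # Cognito marks the two token types with the token_use claim.
        return {"id": "cognito id token", "access": "cognito access token"}.get(use, "jws")
    try:
        uuid.UUID(value)
        return "uuid"
    except ValueError:
        pass
    try:
        obj = json.loads(b64url_decode(value))
    except (ValueError, UnicodeDecodeError):
        return "unknown"
    return "base64 json" if isinstance(obj, dict) else "unknown"


def decode_pasted_value(value=PASTED_VALUE):
    """Decode the pasted blob: base64-encoded JSON with csrf_token and destination,
    where destination is itself a small HS512 JWS carrying the post-login URL."""
    state = json.loads(b64url_decode(value))
    dest = parse_jws(state["destination"])
    return {
        "fields": sorted(state),
        "destination_alg": dest["header"]["alg"],
        "destination_url": dest["payload"],
    }


def constructed_cognito_id_token():
    """Build a token shaped like a Cognito ID token from the payload shown in the
    next answer. kid and signature are dummies (constructed, not signed)."""
    header = {"kid": "constructed-kid", "alg": "RS256"}
    payload = {
        "sub": "555ce0f8-f7f8-4ef7-945b-c311113c7a52",
        "cognito:groups": ["admin"],
        "iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_TbSQ8M0PM",
        "aud": "6jfq7lqg8v98jd49ffru2adglo",
        "token_use": "id",
        "exp": 1643045584,
        "iat": 1643041984,
        "email": "upgrad_admin1@example.com",
    }
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(payload).encode()),
        b64url_encode(b"\x00" * 256),  # placeholder for a 2048-bit RSA signature
    ])


if __name__ == "__main__":
    print(classify(PASTED_TOKEN_ID), classify(PASTED_VALUE), decode_pasted_value())
    print(classify(constructed_cognito_id_token()))
```

Running it reports the first value as a uuid, the second as base64 json with the fields csrf_token and destination (destination URL https://192.168.10.37:9999/login), and the constructed token as a cognito id token; a real Cognito token from the browser's session would classify the same way once pasted in full.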
• Extract the vote token and explain its payload. [50]
The vote token is the Cognito ID token issued after login (its token_use claim is "id"). Its
decoded payload:
{
"at_hash": "qQXEWFsazkUJ16z07BUeCA",
"sub": "555ce0f8-f7f8-4ef7-945b-c311113c7a52",
"cognito:groups": [
"admin"
],
"email_verified": true,
"iss": "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_TbSQ8M0PM",
"cognito:username": "upgrad_admin1@example.com",
"origin_jti": "c47dc7e0-2e84-42be-9b28-97558f1498f3",
"aud": "6jfq7lqg8v98jd49ffru2adglo",
"token_use": "id",
"auth_time": 1643041984,
"exp": 1643045584,
"iat": 1643041984,
"jti": "b360fe71-12e8-4393-986f-e29da838a17f",
"email": "upgrad_admin1@example.com"
}
sub is the user's permanent unique ID in the user pool. iss is the user pool that issued the
token (region us-east-2, pool us-east-2_TbSQ8M0PM), and aud is the app client ID the token
was issued to; the voting server must compare both against its own configuration. token_use
distinguishes this ID token from an access token. cognito:username and email identify the
employee, and email_verified records that the address was confirmed. cognito:groups lists
the groups assigned to the employee (here admin), which is what the server uses to decide
what the voter may do. auth_time, iat and exp are Unix timestamps for when the user
authenticated, when the token was issued and when it expires (one hour after issue here).
jti and origin_jti are unique identifiers for the token, and at_hash binds this ID token to
the access token issued alongside it.
• Explain the relevance of JWT tokens with respect to the project. [50]
As shown above, the JWT tokens carry the details needed for both authentication and
authorization. The initial request carries the login details, and after the user
authenticates, the ID token decoded above is sent along with the vote. From its signed
claims the voting server learns who is voting (sub, email) and which groups the voter
belongs to (cognito:groups), so it can verify the signature and claims against the user
pool and app client it trusts and then accept or reject the vote, without having to call
Cognito or keep its own session for every request.
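The two answers above (the vote token payload and the relevance of JWTs) come down to one check the voting server has to perform on every vote. The following is an added example, not the project's code: it validates the ID token claims shown above against the user pool issuer and app client ID taken from that payload, and authorizes on cognito:groups. The sample claims and the clock values are constructed from the payload above; the required group name and the 60-second leeway are assumptions; and the block deliberately performs no signature verification, which must happen before any of these checks (see the note after the code).

```python
"""Claim validation and group authorization for the vote (ID) token.

Added example, not the project's code. The sample claims are the payload decoded
above; the clock values passed as `now` are constructed so the example runs
offline. Nothing here should be applied to a token whose RS256 signature has not
already been verified against the user pool's JWKS.
"""
import time

# What the voting server knows from its own configuration (matching the iss and
# aud claims in the payload above).
USER_POOL_ISSUER = "https://cognito-idp.us-east-2.amazonaws.com/us-east-2_TbSQ8M0PM"
APP_CLIENT_ID = "6jfq7lqg8v98jd49ffru2adglo"

# Decoded ID-token payload from the answer above (constructed sample input).
SAMPLE_CLAIMS = {
    "at_hash": "qQXEWFsazkUJ16z07BUeCA",
    "sub": "555ce0f8-f7f8-4ef7-945b-c311113c7a52",
    "cognito:groups": ["admin"],
    "email_verified": True,
    "iss": USER_POOL_ISSUER,
    "cognito:username": "upgrad_admin1@example.com",
    "origin_jti": "c47dc7e0-2e84-42be-9b28-97558f1498f3",
    "aud": APP_CLIENT_ID,
    "token_use": "id",
    "auth_time": 1643041984,
    "exp": 1643045584,
    "iat": 1643041984,
    "jti": "b360fe71-12e8-4393-986f-e29da838a17f",
    "email": "upgrad_admin1@example.com",
}


def jwks_url(issuer):
    """Where the user pool publishes the public keys (by kid) that verify the
    RS256 signature; the same issuer serves /.well-known/openid-configuration,
    which is all an OIDC client needs besides its client ID and secret."""
    return issuer.rstrip("/") + "/.well-known/jwks.json"


def validate_id_token_claims(claims, issuer, client_id, now=None, leeway=60):
    """Check the claims a Cognito ID token must satisfy for this application.
    Raises ValueError naming the first check that fails."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("iss: token was not issued by our user pool")
    # A token minted for another app client of the same pool is still validly
    # signed by the pool, but it is not for us.
    if claims.get("aud") != client_id:
        raise ValueError("aud: token was issued to a different app client")
    if claims.get("token_use") != "id":
        raise ValueError("token_use: expected an id token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ValueError("exp: token has expired")
    if claims.get("iat", 0) > now + leeway:
        raise ValueError("iat: token issued in the future")
    if not claims.get("sub"):
        raise ValueError("sub: missing subject")
    return claims


def user_groups(claims):
    groups = claims.get("cognito:groups", [])
    return list(groups) if isinstance(groups, list) else []


def is_authorized(claims, required_group):
    """Authorization for one action, based only on user pool group membership."""
    return required_group in user_groups(claims)


def accept_vote(claims, required_group, issuer=USER_POOL_ISSUER,
                client_id=APP_CLIENT_ID, now=None):
    """Decision for one incoming vote: (accepted, reason). The required group
    name is an assumption; the project defines which group may vote."""
    try:
        validate_id_token_claims(claims, issuer, client_id, now=now)
    except ValueError as exc:
        return False, str(exc)
    if not is_authorized(claims, required_group):
        return False, "group: user is not in %s" % required_group
    return True, "ok: vote by %s" % claims["sub"]


if __name__ == "__main__":
    print(accept_vote(SAMPLE_CLAIMS, "admin", now=1643042000))
    print(accept_vote(SAMPLE_CLAIMS, "admin", now=1643050000))
    print(jwks_url(USER_POOL_ISSUER))
```

Before any of these checks the server must verify the signature with the key whose kid matches the token header, fetched from jwks_url(iss). With PyJWT that is jwt.PyJWKClient(jwks_url(USER_POOL_ISSUER)).get_signing_key_from_jwt(token).key followed by jwt.decode(token, key, algorithms=["RS256"], audience=APP_CLIENT_ID, issuer=USER_POOL_ISSUER), which also applies the exp, aud and iss checks; the block spells them out so the reason behind each rejection is visible.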
• Explain the use of AWS user pool with respect to the project. [50]
A user pool is a user directory in Amazon Cognito. With a user pool, our users can sign in to
the voting project through Amazon Cognito. Our users can also sign in through social identity
providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.
Whether users sign in directly or through a third party, all members of the user pool have a
directory profile that can be accessed through a Software Development Kit (SDK). In this
project the user pool holds the employee accounts and their groups (for example admin) and
issues the ID and access tokens that the voting client and voting server rely on.
User pools provide:
o Sign-up and sign-in services.
o A built-in, customizable web UI to sign in users.
o User directory management and user profiles.
o Security features such as multi-factor authentication (MFA), checks for compromised
credentials, account takeover protection, and phone and email verification.
o Customized workflows and user migration through AWS Lambda triggers.
• Suggest ideas to improve the overall security of the project. [50]
o The build of the code could be better.
o To make the project a little more interesting we could use RDS instead of
Docker.
o We could implement Google Auth or another SAML provider to help us learn more
about IDAM.