Skip to content

Technical Debt (security): Implement client_secret in login #242

New issue
New issue
Open
Open
Technical Debt (security): Implement client_secret in login#242
Labels
complexity: missingdependencyIssue has dependenciesdraftThis issue is not fully-writtenfeature: infrastructureFor changes on site technical architecturerole: back ends: PD teamstakeholder: People Depot Teams: kbstakeholder: knowledgebasesize: 5ptCan be done in 19-30 hours
Milestone
 
01. Compliance
@fyliu

Description

@fyliu
fyliu
opened on Jan 18, 2024

Dependency

Overview

For #241, we decided to disable a security feature of OAuth2 authentication in order to get backend login to a working state. It should be implemented correctly in order to protect the backend against that class of attacks.

Action Items

  • create an app client in the cognito user pool that contains client_secret
  • implement a solution in PD that can successful authenticate against cognito using the client_secret value

Resources/Instructions

Metadata

Metadata

Assignees

No one assigned

    Labels

    complexity: missingdependencyIssue has dependenciesdraftThis issue is not fully-writtenfeature: infrastructureFor changes on site technical architecturerole: back ends: PD teamstakeholder: People Depot Teams: kbstakeholder: knowledgebasesize: 5ptCan be done in 19-30 hours

    Type

    No type

    Projects

    P: PD: Project Board

    Status

    🧊Ice Box

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions