Cognito login to jets website

question

#1

Hi!

I really love Ruby on Jets so far!

I’m trying to build an Azure AD SSO protected webpage.
I see that Jets supports cognito authorizers and I set up a user and identity pool and connected it to Azure.
Am I correct that the authorizers are only for when building an API, not a jets website?
https://rubyonjets.com/docs/routing/authorizers/

If so what would be the recommended way to build a pure jets website and only allow certain users from our Azure tenant on there?


#2

Haven’t messed with AD SSO yet, so unsure. Wondering if someone else has done something similar and can add to the conversation.

Here are some thoughts that may help though:

  • When I added Lambda and Cognito Authorizers support, it did feel like Authorizers were initially designed for the API world or heavy javascript SPA apps, instead of a traditional browser-based website experience.
  • Authorizers expect you always to send the token as part of the request. This makes a lot of sense for APIs and SPA apps. With SPA apps, javascript controls the sending of the request and it can simply add the header to all the requests.
  • For traditional websites, the auth info is usually sent as part of a session cookie. Believe cookies are ultimately sent via headers so, in theory, it should also work with “Request Type” Lambda Authorizers. The lambda authorizer would have to parse the cookie. Haven’t seen an example yet though. Here’s a stack overflow link with some discussion (no example) https://stackoverflow.com/questions/46722612/aws-custom-authorizer-get-token-from-cookie
  • For AD SSO with Cognito, think the Cognito authorizer ultimately expects a token always to be sent. Think you may have to intercept all links with some javascript to make sure that the token is added to the request. It’s a workaround idea.
  • Am interested in other ideas and also if you end up figuring it out.

Hope that helps.
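As an added illustration of the cookie-parsing “Request Type” Lambda Authorizer idea from the post above (not code from this thread or from Jets; it is a plain Ruby Lambda handler, and the cookie name and the session lookup table are constructed stand-ins for real Cognito token verification):

```ruby
# Constructed for this example: the session cookie name and a lookup table standing in
# for real Cognito JWT verification (signature via the pool's JWKS, issuer, audience, expiry).
SESSION_COOKIE = "session_token".freeze
KNOWN_SESSIONS = { "tok-alice-123" => "alice@example.com" }.freeze

# Parse a Cookie header ("a=1; b=2") into a hash. The first occurrence of a name wins,
# which is the cookie a browser lists first (its most specific path/domain match).
def parse_cookie_header(header)
  return {} if header.nil? || header.strip.empty?
  header.split(";").each_with_object({}) do |pair, cookies|
    name, value = pair.strip.split("=", 2)
    next if name.nil? || name.empty?
    cookies[name] = value.to_s unless cookies.key?(name)
  end
end

# Look the header up case-insensitively so the authorizer does not depend on how the
# client or API Gateway cased "Cookie".
def cookie_header_from(event)
  _, value = (event["headers"] || {}).find { |name, _| name.to_s.casecmp?("cookie") }
  value
end

# Allow every method in the invoked API stage, not just the invoked method: with
# authorizer result caching on, API Gateway reuses this policy for the same token's
# next request to a different path, and a single-method policy would wrongly deny it.
def stage_resource(method_arn)
  api, stage = method_arn.split("/", 3)
  "#{api}/#{stage}/*"
end

def allow_policy(principal, method_arn)
  { "principalId" => principal,
    "policyDocument" => {
      "Version" => "2012-10-17",
      "Statement" => [{ "Action" => "execute-api:Invoke", "Effect" => "Allow",
                        "Resource" => stage_resource(method_arn) }] } }
end

# REQUEST-type authorizer entry point. A missing, unknown or tampered session cookie
# raises "Unauthorized", which API Gateway maps to a 401 response.
def handler(event:, context:)
  token = parse_cookie_header(cookie_header_from(event))[SESSION_COOKIE]
  principal = token && KNOWN_SESSIONS[token]
  raise "Unauthorized" unless principal
  allow_policy(principal, event["methodArn"])
end
```

The authorizer's identity source must include the Cookie header, otherwise API Gateway rejects the request before this code runs.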


#3

Thank you Tung, that is very helpful!

Since this is my first jets project I probably should just switch to only writing the API with jets and have an SPA on S3 to do the front-end.
It’s a bit of a bummer because I really love the rails rapid prototyping, but I don’t have the head space right now to experiment on too many fronts at once.

Thanks again for the great work you’re doing!