This is a basic identity broker web app that illustrates single sign on (SSO) via the Authorization Code Flow process.
- Copy
.env.templateto.envand set the following values:VITE_AUTH_API_URL- This will be the API url (apiUrl)VITE_CLIENT_ID- This will be your Cognito Client Application forSSO Broker- (Optional) - These are just for auto-fill for quick testing
VITE_USERNAME- A valid username (email) in Cognito.VITE_PASSWORD- The password for the user.
- Run the following commands to start the dev server
npm install npm run dev
This Broker application has 2 main functions. Its first is to facilitate user interactions (e.g. login, MFA, Password reset, etc) and secondly as a communication channel that allows client applications to authenticate the user via an Authorization Code Flow process.
-
- Simple
username/passwordform for processing a login request.
- Simple
-
initilize-- Initializes and configures the client applicationauthenticate-- Determines the user's current authentication and starts the code flow process, passing back acodethe client application will exchange for tokens.redeemCode-- Processes a client app'scodeandcodeVerifierand returns tokens, if successful.logout-- Logs the user out of the client app (and the SSO Broker if requested).refreshTokens-- Updates the user'sidTokenandaccessTokenif theirrefreshTokenis still valid
- This example uses a
username/passwordapproach for login. This is to keep this example focused on the broker concept. The preferred approach would be using SRP (Secure Remote Password). - API calls are made thru the Vite dev server vite.config.ts with a
proxyconfiguration. So if you deploy to another web server, you will need to account for this.{ proxy: { "/auth": { target: AUTH_API_URL, changeOrigin: true } } }