Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

login page and protected routes #75

Merged
merged 3 commits into from
Jan 13, 2025
Merged

login page and protected routes #75

merged 3 commits into from
Jan 13, 2025

Conversation

ojn03
Copy link

@ojn03 ojn03 commented Jan 7, 2025
edited
Loading

  • Migrate to code grant flow rather than implicit token grant, which exposes access token to client. Essentially this means that rather than adding the access token directly to the url header, it adds a one time code which the server can then use to request the tokens from Cognito
  • Enabled route protection, so users can only view certain pages once they are logged in.
    For this to work, it is necessary to add the following env variables
    NX_CLIENT_URL
    NX_COGNITO_CLIENT_NAME

Future plans are to store tokens within cookies. Currently, because they are stored in memory as a variable, users are logged out on refresh.

circlegov
circlegov approved these changes Jan 12, 2025
View reviewed changes
Copy link

@circlegov circlegov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! sorry for such a late review

@ojn03 ojn03 merged commit 8816be4 into main Jan 13, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@circlegov circlegov circlegov approved these changes

Assignees

@circlegov circlegov

@ojn03 ojn03

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ojn03 @circlegov