Login and Authentication

Jeremy Nelson edited this page Sep 9, 2020 · 1 revision

Sinopia user accounts are managed by AWS' Cognito service: https://aws.amazon.com/cognito/

The editor uses the AWS Amplify package to handle session creation, renewal, and management for users. The SDK provides methods for attempting to log in and for attempting to obtain a valid idToken: it pulls a currently valid one from local storage if available, or requests a new one if local storage holds a valid refreshToken to submit to Cognito for the user. If neither succeeds, the user has to log in again. The editor passes the idToken to the sinopia_api for user authentication.

Note that there are two ways that a user can have an invalid refreshToken in local storage:

  • The token is more than one month old, and has expired.
  • The user explicitly logged out in another browser, invalidating any previously issued refresh tokens.

In those cases, the Cognito SDK will fail to obtain a valid idToken for the user. The editor will treat the user as not having a session and will force a new login, so that the user can get a valid token and interact with the backend.
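
The decision flow described above, including both ways a refreshToken can be invalid, as an added example that is not code from the Sinopia editor or from AWS Amplify. Every function name, the token shapes, and the 30-day stand-in for "one month" are assumptions made for the illustration, and the tokens are constructed sample data.

```javascript
// Model of the session flow described above. Hypothetical names throughout;
// nothing here calls AWS Amplify or Cognito.
const MONTH_SEC = 30 * 24 * 3600; // assumed stand-in for "one month"

// Constructed, unsigned sample token carrying only an `exp` claim.
function fakeJwt(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none' })}.${enc({ sub: 'demo-user', exp })}.`;
}

// Read `exp` without verifying the signature: a client-side freshness check
// only. The API receiving the idToken must still validate it.
function jwtExpiry(jwt) {
  const payload = jwt.split('.')[1];
  if (!payload) throw new Error('malformed JWT');
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')).exp;
}

// Stand-in for the identity service: refuses refresh tokens that were revoked
// by a logout elsewhere or that are older than the assumed lifetime.
function makeFakeRefresh(nowSec, revokedIds) {
  return (rt) => {
    if (revokedIds.has(rt.id)) throw new Error('refresh token revoked');
    if (nowSec - rt.issuedAt > MONTH_SEC) throw new Error('refresh token expired');
    return fakeJwt(nowSec + 3600);
  };
}

// storage models local storage: { idToken?, refreshToken? }.
// Synchronous for brevity; a real refresh is a network call.
function resolveSession(storage, refresh, nowSec) {
  if (storage.idToken && jwtExpiry(storage.idToken) > nowSec) {
    return { state: 'valid', idToken: storage.idToken };
  }
  if (storage.refreshToken) {
    try {
      storage.idToken = refresh(storage.refreshToken);
      return { state: 'refreshed', idToken: storage.idToken };
    } catch (err) {
      // Expired or revoked: fall through and force a new login.
    }
  }
  // Drop stale credentials (a choice made in this example).
  delete storage.idToken;
  delete storage.refreshToken;
  return { state: 'login-required', idToken: null };
}
```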
