Switch to cognito user/password authentication. Major code refactor.

2025-05-16 11:05:54 -05:00
parent 8d1997fa5a
commit c221a8cded
17 changed files with 220 additions and 109 deletions
--- a/infrastructure/stack.py
+++ b/infrastructure/stack.py
@@ -1,5 +1,6 @@
 import os
 from aws_cdk import (
+    Duration,
    Stack,
    aws_ec2 as ec2,
    aws_iam as iam,
@@ -118,17 +119,20 @@ class IptvUpdaterStack(Stack):

        # Add App Client with the correct callback URL
        client = user_pool.add_client("IptvUpdaterClient",
+            access_token_validity=Duration.minutes(60),
+            id_token_validity=Duration.minutes(60),
+            refresh_token_validity=Duration.days(1),
+            auth_flows=cognito.AuthFlow(
+                user_password=True
+            ),
            o_auth=cognito.OAuthSettings(
                flows=cognito.OAuthFlows(
-                    authorization_code_grant=True
-                ),
-                scopes=[cognito.OAuthScope.OPENID],
-                callback_urls=[
-                    "http://localhost:8000/auth/callback",  # For local testing
-                    "https://*.amazonaws.com/auth/callback",  # EC2 public DNS
-                    "https://*.compute.amazonaws.com/auth/callback"  # EC2 full domain
-                 ]
-            )
+                    implicit_code_grant=True
+                )
+            ),
+            prevent_user_existence_errors=True,
+            generate_secret=True,
+            enable_token_revocation=True
        )

        # Add domain for hosted UI