template.yaml
# AWS SAM template: a Cognito user pool wired to three custom-auth-challenge
# Lambda triggers, with TokenChannel settings supplied as stack parameters.
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: >
  A Custom Passwordless Authentication Flow implementation in Cognito using
  TokenChannel.io. Send tokens by SMS, VOICE, WHATSAPP, EMAIL and 14 languages
  available.
# Publishing metadata read by the AWS Serverless Application Repository.
# LicenseUrl and ReadmeUrl are relative paths, resolved against the package
# directory at publish time.
Metadata:
  AWS::ServerlessRepo::Application:
    Name: cognito-passwordless-authentication-with-tokenchannel
    Description: >
      A Custom Passwordless Authentication Flow implementation in Cognito using
      TokenChannel.io. Send tokens by SMS, VOICE, WHATSAPP, EMAIL and 14
      languages available.
    Author: TokenChannel
    SpdxLicenseId: MIT-0
    LicenseUrl: LICENSE
    ReadmeUrl: README.md
    # Search labels; quoted so that none of them can be re-typed by a loader.
    Labels:
      - 'cognito'
      - 'passwordless'
      - 'authentication'
      - 'auth'
      - 'sms'
      - 'whatsapp'
      - 'telegram'
      - 'voice'
      - 'call'
      - 'email'
      - 'mfa'
      - '2fa'
    HomepageUrl: https://github.com/oalles/cognito-passwordless-authentication-with-tokenchannel
    SourceCodeUrl: https://github.com/oalles/cognito-passwordless-authentication-with-tokenchannel
# Defaults inherited by every AWS::Serverless::Function in this template.
Globals:
  Function:
    # Lambda timeout in seconds. Each trigger runs inside a Cognito sign-in
    # request, so a slow downstream call surfaces as a failed authentication.
    Timeout: 10
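# Deploy-time inputs. Apart from UserPoolName, each value is forwarded to the
# challenge Lambdas as an environment variable (see Resources).
Parameters:
  UserPoolName:
    Type: String
    Description: The name for the User Pool
  TCLanguage:
    Type: String
    Description: Tokenchannel - Default language for token notifications
  TCChannel:
    Type: String
    Description: TokenChannel - Default channel to send the notifications
  TCApiKey:
    Type: String
    # The API key is a credential: NoEcho masks it in the CloudFormation
    # console and in describe-stacks / change-set output.
    # NOTE(review): NoEcho does not protect the value once it is copied into a
    # resource property. This template passes it to two functions as a plain
    # environment variable, readable by any principal allowed to view the
    # function configuration. Prefer a Secrets Manager or SSM SecureString
    # reference resolved by the function at runtime.
    NoEcho: true
    Description: TokenChannel -Account api key
  TCTestMode:
    Type: String
    # NOTE(review): per the description, test mode mocks delivery and lets the
    # OTP be fetched through the API, which removes the out-of-band factor.
    # It must stay disabled in production stacks. Once the values accepted by
    # the Lambda code are confirmed, constrain this with AllowedValues and a
    # safe Default.
    Description: TC - whether test mode is enabled. Delivery is mocked, and api can be used to retrieve otp token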
# Three Cognito custom-auth trigger functions, the user pool that invokes
# them, one invoke permission per function, and a public app client.
Resources:
  # --- Lambda triggers -------------------------------------------------------
  # NOTE(review): nodejs14.x is an end-of-life Lambda runtime and no longer
  # receives security patches. Confirm the handlers run on a currently
  # supported Node.js runtime and update all three functions together.
  DefineAuthChallenge:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: lambda-triggers/define-auth-challenge/
      Handler: define-auth-challenge.handler
      Runtime: nodejs14.x

  CreateAuthChallenge:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: lambda-triggers/create-auth-challenge/
      Handler: create-auth-challenge.handler
      Runtime: nodejs14.x
      Environment:
        Variables:
          TOKENCHANNEL_LANGUAGE: !Ref TCLanguage
          # NOTE(review): the API key is stored in cleartext in the function
          # configuration. Anyone who can read that configuration can read
          # the key, so keep that permission tightly scoped.
          TOKENCHANNEL_API_KEY: !Ref TCApiKey
          TOKENCHANNEL_CHANNEL: !Ref TCChannel
          # NOTE(review): the parameter description says test mode exposes the
          # OTP through the API. Verify this is off wherever real users sign in.
          TOKENCHANNEL_TEST_MODE: !Ref TCTestMode

  VerifyAuthChallengeResponse:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: lambda-triggers/verify-auth-challenge-response/
      Handler: verify-auth-challenge-response.handler
      Runtime: nodejs14.x
      Environment:
        Variables:
          # Same cleartext-credential caveat as on CreateAuthChallenge.
          TOKENCHANNEL_API_KEY: !Ref TCApiKey

  # --- User pool -------------------------------------------------------------
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Ref UserPoolName
      # phone_number is required and is also the sign-in identifier
      # (UsernameAttributes below). locale and channel are optional.
      # NOTE(review): all three attributes are Mutable and the app client sets
      # no ReadAttributes/WriteAttributes, so Cognito's defaults decide what a
      # signed-in user may change. Presumably locale/channel steer token
      # delivery; confirm against the Lambda code.
      Schema:
        - Name: phone_number
          AttributeDataType: String
          Mutable: true
          Required: true
        - Name: locale
          AttributeDataType: String
          Mutable: true
          Required: false
        - Name: channel
          AttributeDataType: String
          Mutable: true
          Required: false
      # Only a minimum length is enforced. The app client in this template
      # enables the custom auth flow only, so passwords are presumably never
      # used to sign in. Confirm no other client on this pool allows
      # password-based flows.
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: false
          RequireNumbers: false
          RequireSymbols: false
          RequireUppercase: false
      UsernameAttributes:
        - phone_number
      # Keep the quotes: a bare OFF is read as boolean false by YAML 1.1
      # loaders. Cognito's built-in MFA is disabled here.
      MfaConfiguration: 'OFF'
      LambdaConfig:
        CreateAuthChallenge: !GetAtt CreateAuthChallenge.Arn
        DefineAuthChallenge: !GetAtt DefineAuthChallenge.Arn
        VerifyAuthChallengeResponse: !GetAtt VerifyAuthChallengeResponse.Arn

  # --- Invoke permissions ----------------------------------------------------
  # Each permission lets the Cognito service principal invoke one trigger, and
  # SourceArn restricts the grant to this user pool only.
  DefineAuthChallengeInvocationPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt DefineAuthChallenge.Arn
      Principal: cognito-idp.amazonaws.com
      SourceArn: !GetAtt UserPool.Arn

  CreateAuthChallengeInvocationPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt CreateAuthChallenge.Arn
      Principal: cognito-idp.amazonaws.com
      SourceArn: !GetAtt UserPool.Arn

  VerifyAuthChallengeResponseInvocationPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt VerifyAuthChallengeResponse.Arn
      Principal: cognito-idp.amazonaws.com
      SourceArn: !GetAtt UserPool.Arn

  # --- App client ------------------------------------------------------------
  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: auth-client
      # Public client: no client secret is generated.
      GenerateSecret: false
      UserPoolId: !Ref UserPool
      # Only the custom challenge flow is enabled for this client.
      # NOTE(review): PreventUserExistenceErrors is not set. Check whether
      # sign-in responses reveal which phone numbers are registered, and how
      # the trigger code would handle unknown users if it were enabled.
      ExplicitAuthFlows:
        - CUSTOM_AUTH_FLOW_ONLY
# Values exported by the stack once deployment completes.
Outputs:
  UserPoolClientId:
    Description: 'ID of the User Pool Client'
    # Ref on an AWS::Cognito::UserPoolClient resolves to the client ID. It is
    # an identifier, not a secret (this client is created without a secret).
    Value: !Ref UserPoolClient