Authentication (v2.1.0)

Authentication of users and applications.

Overview

The authentication domain is part of the puzzle piece P42 Authentication, which is a core part of PAL. The purpose of this domain is to handle authentication and generation of JWT tokens. The JWT tokens are used for access to the system.

P42 Authentication uses AWS Cognito as the Identity Provider (IdP). Currently, that is the only supported IdP.

The Authentication domain does not include the management of users and accounts; that is handled by the Customer domain.

Authentication using API keys is currently not handled via the Authentication domain. New keys need to be manually created in AWS API Gateway.

Bounded context

Sequence API

A user authentication flow starts when the user consumes the endpoint /login. The payload contains credentials, which are used to validate the user login with AWS Cognito. During the authentication process, Cognito may trigger one or more Lambda functions to perform different tasks. If the authentication is successful, Cognito will respond with a set of tokens, which may be used for authentication towards other services.
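
One way a consuming service could check the claims of the tokens Cognito returns after /login, as an added example (not part of the original documentation or PAL's own code). It assumes the token signature has already been verified against the user pool's JWKS; the region, pool ID, app client ID and sample claims are constructed placeholders.

```python
import time

# Placeholders for illustration; use the real user pool and app client.
REGION = "eu-west-1"
USER_POOL_ID = "eu-west-1_EXAMPLE"
APP_CLIENT_ID = "example-app-client-id"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


class TokenRejected(Exception):
    """Verified claims do not satisfy this service's policy."""


def check_cognito_claims(claims, expected_use, now=None, leeway=30):
    """Check claims of an already signature-verified Cognito JWT; return sub."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise TokenRejected("issuer is not the expected user pool")
    if claims.get("token_use") != expected_use:
        raise TokenRejected("wrong token_use for this endpoint")
    # Cognito names the app client in "aud" on ID tokens and in
    # "client_id" on access tokens, which carry no "aud" claim.
    client_claim = "aud" if expected_use == "id" else "client_id"
    if claims.get(client_claim) != APP_CLIENT_ID:
        raise TokenRejected("token was issued to a different app client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenRejected("token expired or exp missing")
    if not claims.get("sub"):
        raise TokenRejected("missing sub")
    return claims["sub"]


def is_accepted(claims, expected_use, now=None):
    """Boolean wrapper around check_cognito_claims."""
    try:
        check_cognito_claims(claims, expected_use, now)
        return True
    except TokenRejected:
        return False


# Constructed sample claims (not real tokens).
_BASE = {"iss": ISSUER, "sub": "user-1234", "exp": 1700003600}
SAMPLE_ACCESS = {**_BASE, "token_use": "access", "client_id": APP_CLIENT_ID}
SAMPLE_ID = {**_BASE, "token_use": "id", "aud": APP_CLIENT_ID}
```

A service that authorizes API calls would pass `expected_use="access"`, so an ID token presented in its place is rejected even though both come from the same login.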

Info

Check how a signup works from HostedUI, and also check how a federated login works.

Sequence Hosted UI (incl Federation)

Info

Check how we shall use the OAuth2 code-to-JWT flow.

Flows

TBD