MMT-3568: Setup a lambda for launchpad login/callbacks #1109
PR focuses on the lambdas only. The workflow is as follows:

- `?target` to the route path which they should be returned to.
- `saml-login` lambda generates an `authorizationUrl` using the `node-saml` package. The lambda will then redirect to this launchpad authorization url and will include: the `relayState` (target to return to), callback url (endpoint is another lambda), along with a number of key/values needed by launchpad for authentication (found in `static.config.js`)
- `saml-acs` is a lambda that responds to the launchpad callback. The launchpad token is found in the header. It needs to parse the body of the response to pull out details such as email, auid, etc. This is an encoded response, so it uses the `Saml2js` to parse out these details. It then takes all this information and creates a JWT token and will pass (via redirect) this token to the MMT React Application as a `jwt` query parameter in the URL.
- `jwt` query parameter, pull out the launchpad token and use this for CMR graphql queries. (This implementation will follow in a separate ticket).

Couple things to note:

- `static.config.js` includes a cert key. The `node-saml` package requires a value here. Although I looked through the rails mmt code and it nowhere uses this cert for logging in. It only uses the cert for validating a launchpad token. So right now I'm just using `fake_cert` as a value and not seeing any issues testing locally.
- `api.mmt.[sit|uat].earthdatacloud.nasa.gov` and include respective callback urls for any of the above to work. I tested all this using a local version using `mmt.localtest.earthdata.nasa.gov` to verify the code works and properly authenticates. (these urls are currently registered with launchpad).
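
The redirect back to the application with a `jwt` query parameter and a `relayState` return target, sketched as an added example (not code from this PR). The names `safeTarget`, `signJwt`, `verifyJwt`, `buildAppRedirect`, the secret and the 302 status are assumptions; parsing the SAML response is not shown.

```javascript
// Added example, not the PR's code. safeTarget, signJwt, verifyJwt,
// buildAppRedirect, APP_ORIGIN and JWT_SECRET are hypothetical names.
const crypto = require('crypto')

const APP_ORIGIN = 'https://mmt.localtest.earthdata.nasa.gov' // local test host named in the PR text
const JWT_SECRET = 'constructed-demo-secret' // constructed value; load from a secret store in practice

// relayState returns via the browser, so it is untrusted input: accept only a
// path on the application's own origin, otherwise fall back to '/'.
function safeTarget(relayState) {
  if (typeof relayState !== 'string' || !relayState.startsWith('/')) return '/'
  if (relayState.startsWith('//') || relayState.includes('\\')) return '/'
  try {
    const url = new URL(relayState, APP_ORIGIN)
    return url.origin === APP_ORIGIN ? url.pathname + url.search : '/'
  } catch {
    return '/'
  }
}

const b64url = (input) => Buffer.from(input).toString('base64url')

// HS256 JWT with a short lifetime (assumed 15 minutes).
function signJwt(claims, secret, nowSec = Math.floor(Date.now() / 1000), ttlSec = 900) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const payload = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }))
  const sig = crypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest('base64url')
  return `${header}.${payload}.${sig}`
}

// Always verifies with HMAC-SHA256; the header's alg field is never trusted.
function verifyJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const [header, payload, sig] = token.split('.')
  if (!header || !payload || !sig) return null
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest()
  const given = Buffer.from(sig, 'base64url')
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString())
  return claims.exp > nowSec ? claims : null
}

// Response a callback lambda could return once email, auid and token are known.
function buildAppRedirect(profile, launchpadToken, relayState) {
  const jwt = signJwt({ email: profile.email, auid: profile.auid, launchpadToken }, JWT_SECRET)
  const location = new URL(safeTarget(relayState), APP_ORIGIN)
  location.searchParams.set('jwt', jwt)
  return { statusCode: 302, headers: { Location: location.toString() } }
}
```

Because the token travels in the URL, the short `exp` limits its usefulness if the redirect ends up in browser history or proxy logs.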