Manage users in Cognito using admin actions

Question

Manage users in Cognito using admin actions

MrHertal opened this issue 4 years ago · 9 comments

Admin actions allows us to quickly generate an API for managing Cognito users and groups. The goal of this issue is to discuss how we could make react-admin-amplify communicate with that API.

The way I see it right now is:

Define a resource name like cognitoUsers
Edit the data provider so when it sees that resource name is cognitoUsers, it calls the admin API instead of the GraphQL API.
Same thing with cognitoGroups

From here, we can easily list users and groups and display one user and one group.

In order to avoid people to always look for available fields we could create 4 components:

CognitoUserList
CognitoUserShow
CognitoGroupList
CognitoGroupShow

and since there is no update or delete, we could create two resources: CognitoUserResource and CognitoGroupResource that are only implementing list and show.

That would be a good start. But we could go further 🙂

What would be nice is to also create something like react-admin ShowButton, but the actions would be for each user:

confirmUserSignUp
disableUser
enableUser

other actions like addUserToGroup are more complex because they require a form, so we will have to create a custom route that is displaying a form and manage this form submit. I did something similar in a project and could do this easily.

Answer 1 · 2021-02-11T15:48:46.000Z

@MrHertal what about singUpUser and deleteUser ? Are they out of the scope? or we should provide an entry point to add the requests to the provider or something...

Answer 2 · 2021-02-11T17:31:55.000Z

I don't see them in the actions list
so we can skip them for now

Answer 3 · 2021-02-15T17:30:17.000Z

@MrHertal I've seen that you have added some changes 🎉 . What do you think about adding an optional configuration to the Admin component to inject deleteCognitoUser createCognitoUser and so on?

Answer 4 · 2021-02-15T17:41:27.000Z

Hi @gabrielperales, how would you do that?

Problem is there are no endpoints to create or delete Cognito users in the Admin queries API

Answer 5 · 2021-02-15T19:08:53.000Z

I know, and that's why you have to configure that because you will probably create those endpoints and you will need to add those endpoints to the provider.

Actually, I'm seeing that this approach we have been working is not going to cover my needs. In our App, I think we are going to need two user pools (one for the admins) and the other for the App users because they are going to have different password strength either 2FA policies.

So the Admin pool is the one who is going to login into this admin panel, but they need to manage the other Cognito user pool... so maybe the best option is a way to inject how to manage a specific resource. But thinking it better, maybe I just have to wrap buildDataProvider({ queries, mutations }) in a function and decorate it giving it that functionality :).

Answer 6 · 2021-02-16T10:54:05.000Z

OK I understand, you have a specific need that is not going to fit in the general case. Because you can only manage one user pool with Amplify.

You have to create the second user group with different password policy manually (outside of Amplify). Then I think you will have to extend the data provider like here in order to get the users from that other user pool.

If you want to create or delete users, you can add custom endpoints in the admin queries API and then again, extend the data provider to add create and delete methods for the specific resource cognitoUser.

In any case, this is beyond the scope of react-admin-amplify. This new feature will only cover the general case, which is displaying users and groups from Cognito and admin actions, using the generated admin API.

Answer 7 · 2021-02-17T15:20:28.000Z

I have completed the first part which was displaying users and groups: https://github.com/MrHertal/react-admin-amplify/releases/tag/v1.3.0

Answer 8 · 2021-08-02T03:11:37.000Z

@MrHertal

Sorry for the late message to this closed issue, I am currently building a ReactJS full stack for a non-profit.

I am particularly interested in this functionality.

What would be nice is to also create something like react-admin ShowButton, but the actions would be for each user:

confirmUserSignUp
disableUser
enableUser

other actions like addUserToGroup are more complex because they require a form, so we will have to create a custom route that is displaying a form and manage this form submit. I did something similar in a project and could do this easily.

I am also particularly interested in the ability to batch disable/enable users based on groups.

I wondering if you'd let me enable this functionality because your implementation really makes my life a lot easier.
There's just a few additional things I need to use of course.

Also, do you have any idea about the longevity of support in this library?

Thanks,
Austin.

Answer 9 · 2021-08-08T14:00:02.000Z

Hi @a93h

II will try to support this library as long as I can.

I don't have time currently to add this feature. If you want to add it, I will be pleased to review your PR.