Fine tuning end-to-end workflow

[yasima-csiro]

• - Fix first name issue
• - DB config issue
• - Hosted UI login page re-design
• - Create sub domain - secure.ala.org.au
• - User registration
• - Logout
• - MFA
• - Clean up user attributes
• - Show terms and conditions page after login if not accepted
• - Users ability to set MFA
• - Capcha for reset password
• - User Id for new users
• - Show password when admin tries to reset user's password.
• - Activated and locked
• - flicker and iNaturalist accounts linking
• - ansible script for deployment
• - API Key generation
• - IP list and API Key lists
• - Legacy Id will be saved in "name" attribute - pool "email-update-test"
• - Set up apple login
• - Hosted UI url format
• - Common UI for dev, test and prod

Issues

• - invalidate session after password reset
• - Get user by username API is case sensitive
• - How to migrate a user who doesn't remember the password

[yasima-csiro]

Was able to make logout work with a small change to ala-auth plugin - AtlasOfLivingAustralia/ala-auth-plugin@4ef4b6d

And need to configure logout url as below.

security.oidc.logoutUrl = https://<<domain_name>>/logout?logout_uri=<<logoutUrl>>&client_id=<<clientID>>

Refer:
https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html

The existing logout mechanism is not working due to not having "end_session_endpoint" in Cognito OIDC discovery metadata -
https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_dqIVUS9bF/.well-known/openid-configuration

[yasima-csiro]

Hosted UI

[yasima-csiro]

MFA

[yasima-csiro]

Emails