Skip to content

Add cognito authentication flow token schema support.#68

Merged
Duslerke merged 20 commits intoreleasefrom
feature/add-cognito-token-support
Feb 25, 2026
Merged

Add cognito authentication flow token schema support.#68
Duslerke merged 20 commits intoreleasefrom
feature/add-cognito-token-support

Conversation

@Duslerke
Copy link
Contributor

@Duslerke Duslerke commented Feb 24, 2026

What:

  • Decouple the token presentation concern from domain logic.
  • Add conditional token Google Groups key construction based on incoming token schema (groups are either in Groups or CustomGroups).

Why:

  • Old Hackney authentication flow expects the incoming token to contain Google groups within Groups field encoded as JSON Array. However, the new schema aims to reduce the size of hackney token (due to 4kB cookie size limitation) by cutting out all the JSON syntax (which analysis shows increases token size by ~11%) and replacing it with ; separator joined string. Additionally, within the new token schema Google groups are stored under custom:groups key.

Notes:

  • I've updated the JWT tests setup to use generated tokens instead of using the hardcoded one. Done this to prevent having something that looks like real secrets in the code base needlessly alarming developers. Also did this to reduce the git guardian noise.
  • The hardcoded token I removed was a dummy token with values that match hardcoded values within one of the tests I've modified.

@Duslerke
Create presentation layer class for parsing Hackney Token.
2714706 
This is so that both the old token format, and the new Cognito token format both get supported at the same time w/o any changes to the domain logic.
@Duslerke
Add token tests helper for generating tokens. Adding group generators…
45c8b44 
… thus far.
@Duslerke
Add presentation and domain token object generators to jwt test helpers.
fc6dc0c
@Duslerke
Add 'Microsoft.IdentityModel.Tokens' for the utils for cryptography s…
7a390e7 
…o the tests helper generated token can be signed.
@Duslerke
Add 'System.IdentityModel.Tokens.Jwt' for its utils of creating the J…
9c21a91 
…WT token structure that tests helper needs to create.
@Duslerke
Add token encoding tests helper method.
9c0500f
@Duslerke
Update token generator to be a single function that accepts token sch…
a7cca4d 
…ema type.

This is because in reality, regardless of what schema is expected under the hood, the parse schema representing incoming data will always be TokenPresentation, just with different keys.
@Duslerke
Token tests helper: generate and return token string and the token it…
5e9015f 
… self for assertions.
@Duslerke
Switch TokenPresentation to public so it can be used by tests helpers.
b721bdb
@Duslerke
Disable CA1707 complaining about underscores in test names.
a93376c 
All this rule ensures is that tests names are unreadable.
@Duslerke
Add a test that covers the Token parsing when Cognito schema is provi…
27cc5c5 
…ded.
@Duslerke
Update the token tests helper so that exp, iat, nbf fields are set to…
82a6590 
… our controlled values rather than jwt generator defaults.
@Duslerke
Replace old JWT token schema test that used hardcoded values with one…
18eee21 
… that generates token dynamically.
@Duslerke
Remove the hardcoded dummy (yes, I checked) old schema token, replace…
74cc329 
… with dynamically generated one to prevent future gitguardian noise.
@Duslerke
Update the JWT package 'token.Create' functionality to support 'Cogni…
87e17b7 
…to' token schema in addition to the old Hackney token schema.
@Duslerke
Add JWT 'token.Create' test to cover for neither 'Groups', nor 'Custo…
cc10256 
…mGroups' case that compiler forces to address.
@Duslerke Duslerke requested a review from a team as a code owner February 24, 2026 13:49
@Duslerke Duslerke mentioned this pull request Feb 25, 2026
Merged
LBHTKarki
LBHTKarki reviewed Feb 25, 2026
View reviewed changes
LBHTKarki
LBHTKarki reviewed Feb 25, 2026
View reviewed changes
@Duslerke
Drop the generic type from TestToken. Reason is that this class is fo…
97bf413 
…r presentation layer tests only (jwt str + token obj), meaning only TokenPresentation is needed for the setups. Removed code is remanants of a different approach.
@Duslerke
Forgot to remove generic type restrictions.
19dd32f
@Duslerke
Update JWT test name to specify it's an edge case of no groups gettin…
8736250 
…g provided.
@Duslerke
Clean up TokenPresentation comments.
358ec72
manimaran-ramalingam
manimaran-ramalingam approved these changes Feb 25, 2026
View reviewed changes
Copy link

@manimaran-ramalingam manimaran-ramalingam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Duslerke Duslerke merged commit 16ad290 into release Feb 25, 2026
8 checks passed
This was referenced Feb 25, 2026
Merged
Merged
Merged
This was referenced Feb 25, 2026
Merged
Merged
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LBHTKarki LBHTKarki LBHTKarki left review comments

@manimaran-ramalingam manimaran-ramalingam manimaran-ramalingam approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Duslerke @LBHTKarki @manimaran-ramalingam