
Authentication

Authentication in Noback is built on AWS Cognito, which provides secure, reliable and straightforward integration with Google Single Sign-On (SSO); that integration is configured as part of the project's start-up process. Cognito supplies the identity management and access control used across AWS services, with an emphasis on security and ease of use.

AWS Cognito with Google SSO

This is of course not the only way to log in to Cognito, but it is the one that ships with Noback by default. It lets users authenticate quickly and securely with their existing Google accounts and reduces the overhead of user management.

JSON Web Tokens (JWT) for ACL

Upon successful authentication, Cognito issues JSON Web Tokens (JWT), which Noback uses for Access Control Lists (ACL). The allowance patterns themselves are defined as Infrastructure as Code; the signed tokens carry the user's identity and permissions, which lets Noback apply granular access control across the various AWS-backed services.

JWT Use Cases:

  • Clearly define and enforce user permissions.
  • Verify user roles and access privileges rapidly.
  • Secure API endpoints and resource interactions effectively.

Connection Fingerprinting

To safeguard against session hijacking and related vulnerabilities, Noback implements connection fingerprinting. A unique fingerprint is derived from the connection details of each user's session and bound to that session, so a session token presented from a connection that does not match the fingerprint is not honoured, which significantly reduces the risk of unauthorized access.

Security Enhancements and Helpers

In addition to the primary authentication measures, Noback incorporates several security tools:

  • CORS Management: Automatically generating appropriate Cross-Origin Resource Sharing (CORS) headers to mitigate cross-site scripting (XSS) attacks.
  • Access Auditing: Easy-to-use interfaces and tools for administrators to monitor and audit user access, quickly identifying who has permissions to access specific resources.
  • Security Utilities: Helper functions and utilities that streamline the implementation of security best practices and validations.

By combining Cognito authentication, JWT-based ACL, session fingerprinting, and security-focused tools, Noback ensures secure, efficient, and manageable authentication and access control throughout its architecture.