# Authentication & Access Control

Complete authentication and authorization documentation.
## Authentication Architecture

For technical implementation details:

- Authentication Architecture - High-level authentication flow and JWT tokens
- Authentication Provider Pattern - Provider abstraction and environment variable precedence
## Authentication Guides

### RBAC System

Role-Based Access Control - Complete RBAC guide

Key topics:

- Core roles (ADMINS, LAB_MANAGERS, RESEARCHERS, CLINICIANS)
- Permission schema
- User configuration
- Cognito implementation
- Best practices
### Testing Authentication

Testing Authentication - Comprehensive auth testing

Key topics:

- Local testing (fast iteration)
- AWS testing (deployed environments)
- Testing protected endpoints
- RBAC testing
- How JWT validation works
- Automated testing scripts
### User Management

User Management - Creating and managing users

Topics to cover:

- Creating users via Cognito
- Assigning groups
- Managing passwords
- User lifecycle
### Permissions

Permissions System - Permission details
## Quick Commands

### Test Authentication

```bash
# Local testing
make test-jwt-local ENV=stage ORG=myorg

# AWS testing
make test-jwt-aws ENV=stage ORG=myorg

# Full regression
make test-jwt-regression
```
### Get JWT Token

```bash
TOKEN=$(make get-rs-token ENV=stage ORG=myorg \
    USER_NAME=admin@myorg.com PASSWORD=YourPassword)
```
### Create User

```bash
# Via AWS CLI
aws cognito-idp admin-create-user \
    --user-pool-id us-east-1_ABC123 \
    --username user@myorg.com \
    --user-attributes Name=email,Value=user@myorg.com
```
## User Groups

| Group | Permissions | Use Cases |
|---|---|---|
| ADMINS | All ( | System administration |
| LAB_MANAGERS | Submit, view, approve | Lab oversight |
| RESEARCHERS | Submit, view own/group, drafts | Laboratory work |
| CLINICIANS | Submit, view own | Clinical data entry |