Authentication & Access Control

Complete authentication and authorization documentation.

Authentication Architecture

For technical implementation details:

Authentication Guides

RBAC System

Role-Based Access Control - Complete RBAC guide

Key topics:

  • Core roles (ADMINS, LAB_MANAGERS, RESEARCHERS, CLINICIANS)

  • Permission schema

  • User configuration

  • Cognito implementation

  • Best practices

Testing Authentication

Testing Authentication - Comprehensive auth testing

Key topics:

  • Local testing (fast iteration)

  • AWS testing (deployed environments)

  • Testing protected endpoints

  • RBAC testing

  • How JWT validation works

  • Automated testing scripts

User Management

User Management - Creating and managing users

Topics to cover:

  • Creating users via Cognito

  • Assigning groups

  • Managing passwords

  • User lifecycle

Permissions

Permissions System - Permission details

Quick Commands

Test Authentication

# Local testing
make test-jwt-local ENV=stage ORG=myorg

# AWS testing
make test-jwt-aws ENV=stage ORG=myorg

# Full regression
make test-jwt-regression

Get JWT Token

TOKEN=$(make get-rs-token ENV=stage ORG=myorg \
  USER_NAME=admin@myorg.com PASSWORD=YourPassword)

Passing PASSWORD as a make variable leaves it in shell history and in the process list for as long as the command runs; for anything beyond a throwaway test account, export it from a secrets store or have the shell prompt for it instead of typing it inline.

Create User

# Via AWS CLI
aws cognito-idp admin-create-user \
  --user-pool-id us-east-1_ABC123 \
  --username user@myorg.com \
  --user-attributes Name=email,Value=user@myorg.com

This creates the user with a temporary password (FORCE_CHANGE_PASSWORD state) and no group membership, so the account has none of the permissions below until it is added to a group; group assignment and password handling are covered under User Management.

User Groups

Group          Permissions                      Use Cases
ADMINS         All (*)                          System administration
LAB_MANAGERS   Submit, view, approve            Lab oversight
RESEARCHERS    Submit, view own/group, drafts   Laboratory work
CLINICIANS     Submit, view own                 Clinical data entry
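The following is an added, self-contained example and not code from this project: it shows the order of checks a resource server applies to a Cognito-style access token (signature, issuer, token_use, client_id, expiry) and then enforces the permission matrix from the User Groups table, which is what the "How JWT validation works" and "RBAC testing" topics above cover. To run offline it signs a constructed token with HS256 and a made-up secret where a real Cognito token is RS256-signed and verified against the pool's JWKS; the pool id is the placeholder from the page, and the app client id, action names, the "all" view scope for LAB_MANAGERS, the reading of "group" in "view own/group", and every subject and record are assumptions.

```python
"""Added example (not the project's code): the checks a resource server applies
to a Cognito-style access token, then the RBAC matrix from the User Groups
table. HS256 with a constructed secret stands in for Cognito's RS256 + JWKS so
this runs offline; pool id, client id, subjects and records are constructed."""
import base64, hashlib, hmac, json, time

POOL_ID = "us-east-1_ABC123"                   # placeholder pool id from the page
CLIENT_ID = "example-app-client-id"            # assumed app client id
ISSUER = f"https://cognito-idp.us-east-1.amazonaws.com/{POOL_ID}"
DEMO_SECRET = b"constructed-demo-secret-not-a-cognito-key"

# From the User Groups table. Action names are assumed; so is "all" as the
# view scope of LAB_MANAGERS, for whom the page says only "view".
GROUP_PERMS = {"ADMINS": {"*"}, "LAB_MANAGERS": {"submit", "view", "approve"},
               "RESEARCHERS": {"submit", "view", "draft"}, "CLINICIANS": {"submit", "view"}}
VIEW_SCOPE = {"LAB_MANAGERS": "all", "RESEARCHERS": "group", "CLINICIANS": "own"}

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_demo_token(claims, alg="HS256"):
    # Constructed token factory standing in for Cognito (make get-rs-token).
    head = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(DEMO_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def validate_access_token(token, now=None):
    """Return the claims of a valid access token or raise ValueError."""
    try:
        h, b, s = token.split(".")
        header, claims, sig = (json.loads(_b64url_decode(h)),
                               json.loads(_b64url_decode(b)), _b64url_decode(s))
    except ValueError:
        raise ValueError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":   # pin the alg; never let the token choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(DEMO_SECRET, f"{h}.{b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("token_use") != "access":   # an id token must not reach the API
        raise ValueError("not an access token")
    if claims.get("client_id") != CLIENT_ID:
        raise ValueError("wrong client_id")
    if (time.time() if now is None else now) >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims

def can(claims, action, record=None):
    """Authorize one action. record is {"owner_sub", "group"}; matching its
    group against cognito:groups is an assumed reading of "view own/group"."""
    groups = set(claims.get("cognito:groups", []))
    allowed = {p for g in groups for p in GROUP_PERMS.get(g, ())}
    if "*" in allowed or (action in allowed and action != "view"):
        return True
    if action not in allowed or record is None:   # no record for a view: fail closed
        return False
    scopes = {VIEW_SCOPE[g] for g in groups if g in VIEW_SCOPE}
    if "all" in scopes or ("group" in scopes and record.get("group") in groups):
        return True
    return record.get("owner_sub") == claims.get("sub")

def demo(now=1_700_000_000.0):
    # One constructed user per group plus three bad tokens; returns the outcomes.
    def token(sub, groups, exp=now + 3600, alg="HS256"):
        return mint_demo_token({"sub": sub, "iss": ISSUER, "client_id": CLIENT_ID,
                                "token_use": "access", "exp": exp,
                                "cognito:groups": groups}, alg)
    def rejected(tok):
        try:
            validate_access_token(tok, now)
        except ValueError:
            return True
        return False
    clin, res, mgr, adm = (validate_access_token(token(s, [g]), now) for s, g in
        [("clin-1", "CLINICIANS"), ("res-1", "RESEARCHERS"),
         ("mgr-1", "LAB_MANAGERS"), ("adm-1", "ADMINS")])
    own = {"owner_sub": "clin-1", "group": "CLINICIANS"}
    peer = {"owner_sub": "res-2", "group": "RESEARCHERS"}
    # Escalation attempt: keep a clinician's signature, swap in an ADMINS body.
    h, _, s = token("clin-1", ["CLINICIANS"]).split(".")
    body = _b64url_encode(json.dumps({"cognito:groups": ["ADMINS"]}).encode())
    return {
        "clinician_views_own": can(clin, "view", own),
        "clinician_views_peer": can(clin, "view", peer),
        "researcher_views_group": can(res, "view", peer),
        "researcher_views_clinician": can(res, "view", own),
        "researcher_approves": can(res, "approve"),
        "manager_approves": can(mgr, "approve"),
        "admin_anything": can(adm, "delete"),
        "swapped_body_rejected": rejected(f"{h}.{body}.{s}"),
        "alg_none_rejected": rejected(token("adm-1", ["ADMINS"], alg="none")),
        "expired_rejected": rejected(token("adm-1", ["ADMINS"], exp=now - 1)),
    }
```

Call demo() to see the outcomes as a dict. The points that matter for RBAC testing are the negative cases: a token whose body was swapped for one carrying ADMINS is rejected at the signature step before any group is read, alg=none is rejected because the expected algorithm is pinned rather than taken from the header, and a view with no record fails closed. Against a deployed pool the HMAC check is replaced by RS256 verification with the key whose kid matches the token header, fetched from the pool's JWKS URL, which is what the make test-jwt-* targets above exercise end to end.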