Chop Chop #5
Give Me Access!
Welcome to ChopChop#5! Now I know that this instalment is one week behind schedule so apologies for keeping you all waiting on the edge of your seats for another seven days. The focus of the past few weeks has been authentication, namely figuring out how it works and how to implement it. On the surface it seems pretty simple: users are able to register as a new user, and then log in and log out of the app. Simple, right?
That is what I thought, but there are so many intricacies involved in getting an access token, which is a code that allows you to gain access, funny that. If we look at registration for example, what happens when you try to register a username that someone already has? Or use a password that is not complex enough? These and many other issues have to be handled to ensure that it is a smooth and informative user experience.
For our authentication solution, being that the whole app is on Amazon Web Services (AWS), we went with their authentication service, Cognito. Cognito does a lot of work to help manage users; all you need to do is create a user pool, which is where all the user data is stored, and then add users into the pool when they register. This allowed us to follow the same pattern as the other microservices using infrastructure as code to create the pool and the logic to interact with it.
A big hurdle is that there is not much content out there about using Cognito on iOS (that is coding in Swift). This meant that we were figuring everything out ourselves, which is never a fun experience and it is always better to build on what has come before. The integrated Cognito solution that we could just plug into the app was such a bad user experience that we threw it away and built our own custom login and registration screens. These collect the relevant data, and then send it into the cloud to be processed.
Using this approach, the logic can be written in Python and the processing done on AWS rather than on your phone. Of course this adds additional API calls, but that was the cost of getting it to look and work the way we wanted it to. Doing all of this ourselves means implementing all the communication with Cognito. So not only do we need to send a request to add a new user, or to log that user in, but also to reset their forgotten password, or refresh their access token once it has expired. This is a lot of functionality to build, but it works and we have full control over how it works. It's just handling all the errors that can come up that takes time.
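To make the error handling described above concrete, here is an added example (not code from the app or the original post) of a Python layer that maps Cognito error codes to responses for the client: registration errors stay specific, while login errors collapse to one message so the response does not reveal which usernames exist. It assumes the `sign_up` and `initiate_auth` calls of boto3's `cognito-idp` client; the handler names, messages and the offline stub client are hypothetical.

```python
# Added example: handler names and the stub client are hypothetical, not the app's code.
GENERIC = (401, "Incorrect username or password.")
# Sign-up errors stay specific so the user can fix their input.
SIGN_UP_ERRORS = {
    "UsernameExistsException": (409, "That username is already taken."),
    "InvalidPasswordException": (400, "Password does not meet the password policy."),
}
# Login errors collapse to one response so it does not reveal which usernames exist.
LOGIN_ERRORS = {"NotAuthorizedException": GENERIC, "UserNotFoundException": GENERIC}

def respond(table, exc):
    # botocore's ClientError carries the code here; unmapped codes get a generic 500.
    code = getattr(exc, "response", {}).get("Error", {}).get("Code")
    return table.get(code, (500, "Something went wrong. Please try again."))

def register(client, client_id, username, password):
    try:
        client.sign_up(ClientId=client_id, Username=username, Password=password)
    except Exception as exc:  # with boto3, catch botocore.exceptions.ClientError
        return respond(SIGN_UP_ERRORS, exc)
    return (201, "Registered.")

def login(client, client_id, username, password):
    try:
        params = {"USERNAME": username, "PASSWORD": password}
        result = client.initiate_auth(
            ClientId=client_id, AuthFlow="USER_PASSWORD_AUTH", AuthParameters=params)
    except Exception as exc:
        return respond(LOGIN_ERRORS, exc)
    return (200, result["AuthenticationResult"]["AccessToken"])

class FakeClientError(Exception):  # mimics the shape of botocore's ClientError
    def __init__(self, code):
        self.response = {"Error": {"Code": code, "Message": "internal detail"}}

class StubCognito:  # constructed stand-in for the cognito-idp client (runs offline)
    def __init__(self):
        self.users = {}
    def sign_up(self, ClientId, Username, Password):
        if Username in self.users:
            raise FakeClientError("UsernameExistsException")
        if len(Password) < 8:  # constructed policy: minimum length only
            raise FakeClientError("InvalidPasswordException")
        self.users[Username] = Password
    def initiate_auth(self, ClientId, AuthFlow, AuthParameters):
        stored = self.users.get(AuthParameters["USERNAME"])
        if stored != AuthParameters["PASSWORD"]:
            code = "UserNotFoundException" if stored is None else "NotAuthorizedException"
            raise FakeClientError(code)
        return {"AuthenticationResult": {"AccessToken": "constructed-token"}}
```

The raw service message ("internal detail" in the stub) is never passed through to the client; only the mapped text is returned.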
A lot of time was spent logged into the AWS console, doing a test action and seeing what happens. Such as trying to register a new user and seeing an error come back, then fixing that issue, doing it again, and seeing a new error come back. This iterative approach felt sort of like doing some quality assurance, trying to break the app but where we had only built the basics and trying to add all the edge cases as we thought of them.
I have to give a shout out to Oliver Jones from the Itty Bitty Apps team as well as everyone at Mantel Group who answered my basic questions about how to get started with authentication and what we should consider doing. Is this solution the best? Not by far, but it works and I understand how it works which I think is a win. Plus having full control of it all allows us to be specific in what we add and how it works.
We could have easily spent months building an authentication solution so it was good to get something working, and seeing the app log in when it was working was such a satisfying feeling. I think that over time the authentication microservice will expand to have more functionality, but for now our users can register and then log in (and log out), and I think that is good enough.
That's all for now, chop chop.
Thanks for the shout out Daniel. Happy to help.