cleanup: Remove Cognito-related environment variables (#2732)

mbta · Aug 7, 2024 · 03652e9 · 03652e9
1 parent 8b2b317
commit 03652e9
Show file tree

Hide file tree

Showing 9 changed files with 4 additions and 28 deletions.
diff --git a/.envrc.template b/.envrc.template
@@ -55,14 +55,6 @@ export SECRET_KEY_BASE=$(openssl rand -base64 48)
 ## Used by Erlang (only required in production)
 # export RELEASE_COOKIE=
 
-## AWS Cognito Authentication/authorization details (only required in production)
-# export COGNITO_DOMAIN
-# export COGNITO_CLIENT_ID
-# export COGNITO_CLIENT_SECRET
-# export COGNITO_USER_POOL_ID
-# export COGNITO_AWS_REGION
-# export GUARDIAN_SECRET_KEY
-
 ## CDN details (only required in production)
 # export STATIC_SCHEME
 # export STATIC_HOST

diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md
@@ -35,4 +35,4 @@ Skate is read-only, so it only needs to ingest data and present it. Skate uses t
 
 ## Authentication
 
-Skate's authentication uses AWS Cognito as a middleman to manage interaction with Active Directory (using federated services). The actual login page the user interacts with is hosted by Active Directory, you use your same username and password as your email. We could someday add levels of authorization using groups in Cognito, but don't at this time.
+Skate's authentication uses Keycloak as a middleman to manage interaction with Active Directory (using federated services). The actual login page the user interacts with is hosted by Active Directory, you use your same username and password as your email. We could someday add levels of authorization using groups in Keycloak and/or Active Directory, but don't at this time.
diff --git a/config/config.exs b/config/config.exs
@@ -142,9 +142,8 @@ config :logger, :console,
   format: "$time [$level] $metadata$message\n",
   metadata: [:mfa, :request_id]
 
-# "code" is the secret value returned by AWS to /auth/cognito/callback
 log_filter_params =
-  ~w(password code token guardian_default_claims guardian_default_resource guardian_default_token)
+  ~w(password token guardian_default_claims guardian_default_resource guardian_default_token)
 
 config :logster, :filter_parameters, log_filter_params
 
@@ -153,10 +152,9 @@ config :phoenix, :filter_parameters, log_filter_params
 # Use Jason for JSON parsing in Phoenix
 config :phoenix, :json_library, Jason
 
-# Fake Cognito authentication
+# Fake Keycloak authentication
 config :ueberauth, Ueberauth,
   providers: [
-    cognito: nil,
     keycloak: nil
   ]
 

diff --git a/config/dev.exs b/config/dev.exs
@@ -47,7 +47,6 @@ config :ex_aws,
 
 config :ueberauth, Ueberauth,
   providers: [
-    cognito: {Skate.Ueberauth.Strategy.Fake, [groups: ["skate-dispatcher", "skate-admin"]]},
     keycloak:
       {Skate.Ueberauth.Strategy.Fake,
        [groups: ["skate-readonly", "skate-dispatcher", "skate-admin"]]}

diff --git a/config/prod.exs b/config/prod.exs
@@ -51,20 +51,13 @@ config :logger, :console,
   format: "$time [$level] node=$node $metadata$message\n",
   metadata: [:mfa, :request_id]
 
-# Configure Ueberauth to use Cognito / Keycloak
+# Configure Ueberauth to use Keycloak
 config :ueberauth, Ueberauth,
   providers: [
-    cognito: {Ueberauth.Strategy.Cognito, []},
     keycloak:
       {Ueberauth.Strategy.Oidcc, userinfo: true, uid_field: "email", scopes: ~w(openid email)}
   ]
 
-config :ueberauth, Ueberauth.Strategy.Cognito,
-  auth_domain: {System, :get_env, ["COGNITO_DOMAIN"]},
-  client_id: {System, :get_env, ["COGNITO_CLIENT_ID"]},
-  user_pool_id: {System, :get_env, ["COGNITO_USER_POOL_ID"]},
-  aws_region: {System, :get_env, ["COGNITO_AWS_REGION"]}
-
 config :ex_aws, json_codec: Jason
 
 config :ehmon, :report_mf, {:ehmon, :info_report}
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -20,9 +20,6 @@ config :skate, Skate.OpenRouteServiceAPI,
   api_key: System.get_env("OPEN_ROUTE_SERVICE_API_KEY"),
   client: Skate.OpenRouteServiceAPI.Client
 
-config :ueberauth, Ueberauth.Strategy.Cognito,
-  client_secret: System.get_env("COGNITO_CLIENT_SECRET")
-
 config :skate, SkateWeb.AuthManager, secret_key: System.get_env("GUARDIAN_SECRET_KEY")
 
 pool_size =

diff --git a/config/test.exs b/config/test.exs
@@ -24,7 +24,6 @@ config :skate, Oban, testing: :inline
 
 config :ueberauth, Ueberauth,
   providers: [
-    cognito: {Skate.Ueberauth.Strategy.Fake, [groups: ["skate-dispatcher", "skate-nav-beta"]]},
     keycloak: {Skate.Ueberauth.Strategy.Fake, [groups: ["skate-dispatcher", "skate-nav-beta"]]}
   ]
 

diff --git a/mix.exs b/mix.exs
@@ -89,7 +89,6 @@ defmodule Skate.MixProject do
       {:ssl_verify_fun, "~> 1.1"},
       {:stream_data, "~> 1.1.1", only: :test},
       {:timex, "~> 3.7.5"},
-      {:ueberauth_cognito, "~> 0.4.0"},
       {:ueberauth_oidcc, "~> 0.4.0"},
       {:ueberauth, "~> 0.10.5"}
     ]

diff --git a/mix.lock b/mix.lock
@@ -81,7 +81,6 @@
   "timex": {:hex, :timex, "3.7.11", "bb95cb4eb1d06e27346325de506bcc6c30f9c6dea40d1ebe390b262fad1862d1", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.20", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 1.1", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "8b9024f7efbabaf9bd7aa04f65cf8dcd7c9818ca5737677c7b76acbc6a94d1aa"},
   "tzdata": {:hex, :tzdata, "1.1.1", "20c8043476dfda8504952d00adac41c6eda23912278add38edc140ae0c5bcc46", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "a69cec8352eafcd2e198dea28a34113b60fdc6cb57eb5ad65c10292a6ba89787"},
   "ueberauth": {:hex, :ueberauth, "0.10.8", "ba78fbcbb27d811a6cd06ad851793aaf7d27c3b30c9e95349c2c362b344cd8f0", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f2d3172e52821375bccb8460e5fa5cb91cfd60b19b636b6e57e9759b6f8c10c1"},
-  "ueberauth_cognito": {:hex, :ueberauth_cognito, "0.4.0", "62daa3f675298c2b03002d2e1b7e5a30cbc513400e5732a264864a26847e71ac", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:jose, "~> 1.0", [hex: :jose, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "62378f4f34c8569cd95cc4e7463c56e9981c8afc83fdc516922065f0e1302a35"},
   "ueberauth_oidcc": {:hex, :ueberauth_oidcc, "0.4.0", "3fbfbc38735b4dba54ed8bf3e9b80f5054f73cc1ec9af6ae88b7886d25934768", [:mix], [{:oidcc, "~> 3.2.0", [hex: :oidcc, repo: "hexpm", optional: false]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.10", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "cdd8517d773cfe499c0b692f795f213b2eb33119afbec34aefd8be0a85c62b21"},
   "unicode_util_compat": {:hex, :unicode_util_compat, "0.7.0", "bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78", [:rebar3], [], "hexpm", "25eee6d67df61960cf6a794239566599b09e17e668d3700247bc498638152521"},
   "vector": {:hex, :vector, "1.1.0", "0789b5e00e9c551d8d5880acab9a8f44ed46690d083af397018bf0c7f30c1092", [:mix], [], "hexpm", "48b0a800ec88e55b12c689b09100e4c9ba41ea1befb459221c085a4e70040696"},