{"id":24797232,"url":"https://github.com/plotlabs/cognises-flask","last_synced_at":"2025-12-14T07:58:37.769Z","repository":{"id":50206243,"uuid":"131982021","full_name":"plotlabs/cognises-flask","owner":"plotlabs","description":"Flask Cognises: AWS Cognito group based authorization with user management","archived":false,"fork":false,"pushed_at":"2022-12-08T02:11:36.000Z","size":17,"stargazers_count":15,"open_issues_count":5,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-09-05T19:05:50.678Z","etag":null,"topics":["aws-cognito","boto3","cognito-client","cognito-user-pool","decorator-checks","decorators","flask","iam-role","python"],"latest_commit_sha":null,"homepage":"https://www.plotlabs.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/plotlabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-03T10:52:58.000Z","updated_at":"2025-02-06T14:19:12.000Z","dependencies_parsed_at":"2023-01-25T03:15:23.350Z","dependency_job_id":null,"html_url":"https://github.com/plotlabs/cognises-flask","commit_stats":null,"previous_names":["plotlabs/cognises"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/plotlabs/cognises-flask","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plotlabs%2Fcognises-flask","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plotlabs%2Fcognises-flask/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plotlabs%2Fcognises-flask/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plotlabs%2Fcognises-flask/m
anifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/plotlabs","download_url":"https://codeload.github.com/plotlabs/cognises-flask/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plotlabs%2Fcognises-flask/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27722541,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-14T02:00:11.348Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-cognito","boto3","cognito-client","cognito-user-pool","decorator-checks","decorators","flask","iam-role","python"],"created_at":"2025-01-30T01:18:50.043Z","updated_at":"2025-12-14T07:58:37.725Z","avatar_url":"https://github.com/plotlabs.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Flask Cognises: AWS Cognito Group Based Authorization\n\n[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/plotlabs/cognises-flask/blob/master/LICENSE.txt) [![Build Status](https://travis-ci.org/plotlabs/cognises-flask.svg?branch=master)](https://travis-ci.org/plotlabs/cognises-flask) [![CodeFactor](https://www.codefactor.io/repository/github/plotlabs/cognises-flask/badge/master)](https://www.codefactor.io/repository/github/plotlabs/cognises-flask/overview/master) [![PRs 
Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://www.plotlabs.io/) [![PyPI](https://img.shields.io/pypi/v/cognises.svg)](https://pypi.org/project/cognises/)\n\nThis package gives the developer fine-grained control over their users through **Group based Permission Using AWS Cognito**. It includes two Python middlewares (decorators): **login_check**, which checks whether the user is logged in through AWS Cognito, and **permission_required**, which checks the route access permissions for that user.\n\n**Note:** This package is built essentially for usage within a Flask application.\n\n## Installation\n\nThe package can be installed using the pip install command:\n\n```console\npip install cognises\n```\n\n## How To Setup\n\n### 1) Create a group within a user pool\n\n**The create_update function allows:**\n\n* creating a new IAM role and a new Cognito user pool group, and linking the user pool group to the newly created IAM role.\n* updating the role policy of the role already linked to a user group\n\n**The function takes 4 arguments:**\n\n* **group_detail** [Required] - It is a JSON object that contains details for one or more groups. 
Each group has a created attribute which takes two values:\n  -- **true**: Specifies that the group is already created and implements the update part of the function which updates the role policy.\n  -- **false**: Specifies that a new group has to be created and implements the creation part of the function to create a new iam role and a new cognito user pool group.\n\n**The format of the json object is:**\n\n```json\n[\n  {\n    \"group_name\": \"Group1\",\n    \"group_policy\": {\n      \"Version\": \"2012-10-17\",\n      \"Statement\": [\n        {\n          \"Sid\": \"Stmt1524591948858\",\n          \"Action\": \"cognito-idp:*\",\n          \"Effect\": \"Allow\",\n          \"Resource\": \"arn:aws:cognito-idp:us-east-1:userid:userpool/pool_id\"\n        }\n      ]\n    },\n    \"created\": \"false\",\n    \"allowed_functions\": [\"protected\", \"admin_panel\", \"update_data\"]\n  },\n  {\n    \"group_name\": \"String\",\n    \"group_policy\": {\n      \"Version\": \"2012-10-17\",\n      \"Statement\": [\n        {\n          \"Sid\": \"Stmt1524591948858\",\n          \"Action\": \"cognito-idp:*\",\n          \"Effect\": \"Allow\",\n          \"Resource\": \"arn:aws:cognito-idp:us-east-1:userid:userpool/pool_id\"\n        }\n      ]\n    },\n    \"created\": \"false\",\n    \"allowed_functions\": [\"public\", \"view_data\"]\n  }\n]\n```\n\n**Note:** The group_policy is the aws policy for the role attached to that group. 
Refer to the following link to generate your fine-controlled policies: [AWS Policy Generator](https://awspolicygen.s3.amazonaws.com/policygen.html)\n\n* **iam_client** [Required] - The boto3 IAM client.\n\n  ```python\n  boto3.client('iam', region_name='aws_region', aws_access_key_id='aws_access_key_id', aws_secret_access_key='aws_secret_access_key')\n  ```\n\n* **cognito_client** [Required] - The boto3 AWS cognito-idp client.\n\n  ```python\n  boto3.client('cognito-idp', region_name='aws_region', aws_access_key_id='aws_access_key_id', aws_secret_access_key='aws_secret_access_key')\n  ```\n\n* **cognito_pool_id** - The AWS Cognito user pool id. It is required when a new group has to be created. When updating an already existing group, this argument is not required.\n\n**Example usage:**\n\n```python\nimport boto3\nimport os\nfrom flask import json\nfrom cognises import create_update\n\n# Region and credentials are keyword arguments of boto3.client; the string values are placeholders\niam_client = boto3.client('iam', region_name='aws_region', aws_access_key_id='aws_access_key_id', aws_secret_access_key='aws_secret_access_key')\ncognito_client = boto3.client('cognito-idp', region_name='aws_region', aws_access_key_id='aws_access_key_id', aws_secret_access_key='aws_secret_access_key')\n\n# Load the group definitions (format shown above) from a file next to this script\nscript_dir = os.path.dirname(__file__)\nfile_name = \"group_detail.json\"\nabs_file_path = os.path.join(script_dir, file_name)\nwith open(abs_file_path) as f:\n    data = json.load(f)\n\ncreate_update(data, iam_client, cognito_client, 'cognito_pool_id')\n```\n\n### 2) login_check decorator\n\nThis decorator checks whether the user already has a valid AWS Cognito token to access the route, and works much like the @login_required decorator in Flask.\nIt takes 2 arguments:\n\n* **cognito_pool_region** [Required] - The region in which the Cognito user pool is created\n* **cognito_pool_id** [Required] - The id of the Cognito user pool\n\n**Example usage:**\n\n```python\nfrom flask import Flask\nfrom cognises import login_check\n\napp = Flask(__name__)\n\n@app.route('/protected', methods=['GET','POST'])\n@login_check('cognito_pool_region', 'cognito_pool_id')\ndef protected(response):\n\t# response is passed in by login_check and carries the result of the token check\n\tif response['status'] == 200:\n\t\treturn response['user_email']\n\telse:\n\t\treturn response['message']\n```\n\n### 3) permission_required decorator\n\nThis 
decorator checks whether the user can access the route. It is used along with the login_check decorator: it checks whether the route is present in the allowed functions for the Cognito user pool group to which the user belongs, and restricts access for the user if the route is not present in it.\nIt takes the **group_detail** argument, which is a JSON object that contains details for one or more groups. It has the same structure described in point 1.\n\n**Example usage:**\n\n```python\nfrom flask import Flask\nfrom cognises import login_check, permission_required\n\napp = Flask(__name__)\n\n# group_details holds the parsed group_detail JSON described in point 1\n@app.route('/protected', methods=['GET','POST'])\n@login_check('cognito_pool_region', 'cognito_pool_id')\n@permission_required(group_details)\ndef protected(response):\n\tif response['status'] == 200:\n\t\treturn response['user_email']\n\telse:\n\t\treturn response['message']\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplotlabs%2Fcognises-flask","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fplotlabs%2Fcognises-flask","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplotlabs%2Fcognises-flask/lists"}