Registration/Sign Up

Owned by WayGee Ho (Unlicensed)
Last updated: Aug 19, 2022 by Jonathan Cohen
5 min read

Registration

USTA’s implementation of Cognito introduces a 2 step registration process (Cognito Native and Lightweight Account Registration). Due to limitations with customizing the Cognito Hosted Registration page, the approach taken is to break up registration into two steps.

Note: Step 2 of the registration process must be completed within one hour. Accounts created in Cognito that have not been completed within one hour will be deleted.

The proposed UX flow would work in the following way:

  1. Client Public Page - User visits USTA.com, clicks on the login link

  2. Cognito Hosted Login - Gets redirected to Hosted Login Page, clicks on sign up

  3. Cognito Hosted Registration - Gets redirected to Hosted Registration, Enters Email and Password

  4. USTA Lightweight Registration Page - Gets redirected to the lightweight registration page, completes the registration

  5. Client Secure Landing Page - Gets redirected to logged in secure landing page

 

Please refer to the sequence diagrams for the technical flow

Approach

Before you begin the development of your browser-based application, contact USTA to discuss what data you will need to access from USTA.  Credentials will be issued for use to connect via HTTP.

Credentials:

  1. client id

  2. client secret

USTA Admin will register your application as a client in the Cognito configuration.

Add a link in the form of:

https://stage-account.usta.com /login?
client_id=[your_client_id]&
response_type=code&
scope=openid+email+profile+api-customer/customer:read&
state=29ca0dd4-966d-400d-9abc-570568f5c339&
redirect_uri=[your_redirect_uri]

When the token for the authorized customer is needed Client API application needs to follow typical OAuth 2.0 flow using authorization code grant type. To perform such flow Client API should be registered in the USTA authentication service and should have valid:

  • clientId - generated for every API Client during registration

  • secret - generated for every API Client during registration

  • callbackUri - an endpoint where authorization code will be passed after successful login - should be configured for all clients

  • state - a random generated value such as UUID to prevent CSRF attacks. ie '29ca0dd4-966d-400d-9abc-570568f5c339'

curl --request POST 'https://stage-account.usta.com/login' \ --data-urlencode 'client_id=1la1cpfbluheh4jkr8dsvdgr32' \ --data-urlencode 'response_type=code' \ --data-urlencode 'scope=api-customer/customer:read+aws.cognito.signin.user.admin+email+openid+profile' \ --data-urlencode 'state=29ca0dd4-966d-400d-9abc-570568f5c339' \ --data-urlencode 'redirect_uri=http://localhost:8000/logged_in.html'

To perform login as a customer, API Client application should follow such steps:

  1. Client App redirect to login or authorize URLs:

     

    • https://stage-account.usta.com /oauth2/authorize - can be used if application should NOT ask the customer if they want to continue as a current, logged-in user (from SSO session) - user will be logged-in automatically if SSO session is in place with url parameters:

    • client_id={clientId} - mandatory, for example: 25idmdru0ucur4loa3hklcvpsa

    • response_type=code - mandatory

    • scope={requested scopes} - optional, if empty, all required scopes will be assigned to the token

    • state - a random generated value such as UUID to prevent CSRF attacks. ie '29ca0dd4-966d-400d-9abc-570568f5c339'

    • redirect_uri={callbackUri} - mandatory, for example: https://www.usta.com/idpresponse

  2. After redirection customer can sign in or sign up using the email address and password or Facebook account:

     

Add Logic to Client Secure Landing Page

The Lightweight registration screen will perform USTA validations including duplicate account check as part of its functionality.

Working with JWT Tokens

JWT tokens are encrypted JSON format and contain fields called claims. Once you generate an Access Token, you can examine the contents at http://jwt.io . This is a valuable debugging tool.