
I’m creating an app where a user can upload/remove a profile picture associated with their account. I’ve seen numerous things on this, but nothing quite fits my scenario.

I’m using Okta as the IdP, and all user accounts are held in Okta Universal Directory. I was planning on using AWS for a lot of the backend infrastructure unrelated to login/authentication.

So in this specific scenario, the user uploads a profile picture, which would be stored in AWS S3 (a profile-picture bucket with a sub-folder per user; each folder contains the history of that user’s profile pictures).

This is all public; there is no need for any restriction on reading. The problem comes in with restricting update/delete/upload to only the logged-in user, or some type of administrator.

All AWS S3 examples I have seen use AWS Cognito or some other AWS product, which is not the case here.

So my question is: am I going down the right path by using S3 to store the pictures? Or am I better off storing them in my own DB? Or is there any other solution?

Football52
  • In this tutorial, I show how you can store your avatar directly in Okta as a base64 encoded image. https://developer.okta.com/blog/2018/09/17/desktop-app-electron-authentication – Matt Raible Nov 25 '20 at 16:56
  • This helps, but doesn’t solve the problem of only the user being able to update the profile picture. Sure, if it’s stored as a base64 string in an Okta attribute you can have Okta policies to restrict that, but if I were to store the image in an AWS S3 bucket, with the Okta profile holding a link to the image, there is still a problem. – Football52 Nov 26 '20 at 04:30
  • Is this the only, or correct, way of doing this? It does solve my problem, but I might not know enough about Okta APIs to retrieve this value read-only when I’m not the authenticated user. Ex: I can see your avatar and you can see mine, but only I can update my own. – Football52 Nov 26 '20 at 04:32
  • I was just hoping to show how you can add custom attributes to a user's profile. You could store a URL to an avatar image instead. Or you could store this information in a database and use the user's email (or another unique identifier) to look it up. – Matt Raible Nov 26 '20 at 18:33
  • The knowledge you need to apply here is IAM role policies for access to AWS resources, e.g. S3. And you should choose whether to make the requests through the SDK or API Gateway to upload the picture. Basic knowledge of S3 CORS as well. – Mahdi Ridho Nov 27 '20 at 09:52
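Since the thread has no answer, here is an added example (written for this page, not code from the question author or any commenter) of the backend pattern the comments point at: the browser never holds AWS credentials; a small backend verifies the Okta access token, derives the S3 object key from the token's `sub`, checks that the key belongs to that user (or that the user is an admin), and only then writes or deletes with its own IAM role, or hands back a presigned URL for that exact key. Assumptions: Okta user ids appear in `sub`, an Okta group named `profile-admins` is exposed through a `groups` claim on the access token, the key layout is `users/<sub>/<timestamp>-<name>`, and the bucket is called `profile-pictures-example`. Token verification is an HS256 stand-in written with the standard library so the example runs offline; a real backend verifies Okta's RS256 signature against the authorization server's JWKS with a JWT library and applies the same `iss`/`aud`/`exp` checks.

```python
"""Profile-picture write authorization keyed on the Okta `sub` claim (added example, not
code from the original post). The browser sends its Okta access token; this backend
verifies it, derives the S3 key from the verified `sub`, checks ownership or admin group
membership, and only then calls S3 with its own IAM role. HS256 verification below is an
offline stand-in for Okta's RS256/JWKS verification, which a real backend does with a JWT library."""
import base64
import hashlib
import hmac
import json
import re
import time

BUCKET = "profile-pictures-example"              # assumed bucket name
USER_PREFIX = "users/"                           # key layout: users/<okta sub>/<ts>-<name>
ADMIN_GROUP = "profile-admins"                   # assumed Okta group carried in a `groups` claim
OKTA_ID_RE = re.compile(r"^[A-Za-z0-9]{1,64}$")  # assumed shape of Okta user ids (e.g. 00u...)
UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


class AuthError(Exception):
    """Token or authorization check failed; the HTTP layer maps this to 401/403."""

def _b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_test_token(claims: dict, secret: bytes) -> str:
    """Constructed HS256 token standing in for one issued by Okta (test helper only)."""
    head = _b64url_encode(json.dumps({"alg": "HS256"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def verify_token(token: str, secret: bytes, issuer: str, audience: str, now=None) -> dict:
    """Return the claims of a valid token, or raise AuthError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, signature = json.loads(_b64url_decode(head_b64)), _b64url_decode(sig_b64)
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError:
        raise AuthError("malformed token")
    if header.get("alg") != "HS256":             # pin the algorithm; never let the token choose it
        raise AuthError("unexpected alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise AuthError("bad signature")
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise AuthError("token expired")
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise AuthError("wrong issuer or audience")
    if not OKTA_ID_RE.match(str(claims.get("sub", ""))):
        raise AuthError("missing or malformed sub")
    return claims

def profile_key(sub: str, filename: str, ts: int) -> str:
    """Derive the object key from the verified subject; only the basename is client-controlled."""
    name = UNSAFE_CHARS.sub("_", filename.rsplit("/", 1)[-1]).strip(".")[:64] or "avatar"
    return f"{USER_PREFIX}{sub}/{ts}-{name}"

def owner_of(key: str):
    """User id a key belongs to, or None if it is not of the form users/<id>/<object>."""
    if not key.startswith(USER_PREFIX):
        return None
    parts = key[len(USER_PREFIX):].split("/", 1)
    if len(parts) != 2 or not OKTA_ID_RE.match(parts[0]) or not parts[1]:
        return None
    return parts[0]

def authorize_write(claims: dict, key: str) -> bool:
    """True if the token's subject owns the key or is a member of the admin group."""
    owner = owner_of(key)
    return owner is not None and (owner == claims["sub"] or ADMIN_GROUP in (claims.get("groups") or []))

def handle_upload(token, filename, secret, issuer, audience, now=None) -> str:
    """Verify the token, derive the key under the caller's own prefix and return it."""
    claims = verify_token(token, secret, issuer, audience, now)
    key = profile_key(claims["sub"], filename, int(time.time() if now is None else now))
    # Real backend: s3.put_object(Bucket=BUCKET, Key=key, Body=data) under the backend's IAM
    # role, or s3.generate_presigned_url("put_object", Params={"Bucket": BUCKET, "Key": key}).
    return key

def handle_delete(token, key, secret, issuer, audience, now=None) -> str:
    """Verify the token and the caller's right to this exact key before deleting it."""
    claims = verify_token(token, secret, issuer, audience, now)
    if not authorize_write(claims, key):
        raise AuthError("forbidden")
    # Real backend: s3.delete_object(Bucket=BUCKET, Key=key)
    return key

if __name__ == "__main__":
    ISS, AUD, SECRET, NOW = "https://example.okta.com/oauth2/default", "api://profile", b"demo", 1700000000
    alice = mint_test_token({"sub": "00uAlice", "iss": ISS, "aud": AUD, "exp": NOW + 3600}, SECRET)
    print(handle_upload(alice, "../../me.png", SECRET, ISS, AUD, NOW))  # users/00uAlice/1700000000-me.png
```

The security-relevant point is that the client never names the key it writes to: the key is built from the verified `sub`, so the per-user "sub-folder" (really just a key prefix) is an authorization boundary enforced by the backend, not a convention the client follows. Public reads stay a bucket-policy matter (allow `s3:GetObject` on `profile-pictures-example/users/*` to everyone), while the backend's IAM role is the only principal with `s3:PutObject`/`s3:DeleteObject` on that prefix; a presigned PUT URL is bound to the one key the backend chose, so handing one out instead of proxying the bytes keeps the same guarantee. The admin override depends on Okta actually including a `groups` claim in the access token for this authorization server, which is a configuration choice on the Okta side; without it, treat `ADMIN_GROUP` membership as another assumption to verify.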
