Authentication & Security

DailyDesk uses AWS Cognito for identity management. The system is built on two separate user pools so that internal staff (Admins) and end users (Customers) are strictly separated: each pool has its own issuer URL and its own token-signing keys, so a token from one pool cannot validate as the other.

Cognito User Pools

1. Default Pool (Internal/Admin)

This pool is dedicated to the operational staff and administrators of the DailyDesk platform and individual salons.

  • Target Audience: Platform Admins, Salon Managers, Staff.
  • Authentication Flow:
    • Credential: Email Address (email) + Password.
    • Mechanism: Cognito USER_PASSWORD_AUTH flow (username/password sent to InitiateAuth, Cognito returns ID, access and refresh tokens).
  • Key Attributes:
    • email: Primary identifier.
  • Functional Usage:
    • Used for accessing the Admin Portal.
    • Grants permissions to manage salon configurations, view appointments, and handle business reporting.

2. Customer Pool (End Users)

This pool is dedicated to the external customers who book services at the salons.

  • Target Audience: Salon Customers.
  • Authentication Flow:
    • Credential: Username (cognitoUsername) + Password.
    • Mechanism: Cognito USER_PASSWORD_AUTH flow, same as the Default Pool but against the Customer Pool's client.
  • Key Attributes:
    • email: For notifications.
    • phone_number: For SMS reminders.
    • custom:salon_id: CRITICAL. Binds the user to a single salon tenant. For this binding to be trustworthy it must be set server-side when the account is created and must not be changeable by the customer: define the custom attribute as immutable and leave it out of the customer app client's write attributes, otherwise a customer could move their own account to another salon with UpdateUserAttributes.
  • Functional Usage:
    • Used for accessing the Online Booking App.
    • Allows customers to view their history, manage upcoming appointments, and update their profile.

Functional Separation

The backend service (CognitoService) keeps the two user populations apart through separate configuration and separate methods:

  • Configuration: The app loads two Pool IDs (userPoolId vs customerPoolId) and two Client IDs (clientId vs customerClientId) from the environment. Tokens are verified against the pool that issued them (the iss claim) and the matching client ID (aud on ID tokens, client_id on access tokens); a token whose issuer is neither pool is rejected.
  • Logic:
    • login(): Authenticates against the Default Pool (userPoolId / clientId) using the email address.
    • customerLogin(): Authenticates against the Customer Pool (customerPoolId / customerClientId) using the cognitoUsername.
  • Tenancy: Data isolation for customers is enforced by reading custom:salon_id from the verified ID token (custom attributes are carried in the ID token, not the access token) and binding every customer operation to that salon. A salon identifier arriving in a request body or URL must never override the token's claim, and a customer token without custom:salon_id must be refused rather than defaulted to any salon.