Auth
Sign in to Tower Control
Sign in with your Cognito email and password.
Cognito auth, DB user sync, and project-aware roles.
This page now covers the full first auth slice: sign in, handle the new-password challenge, validate access tokens against the backend, sync the Tower Control user record, and assign project roles from an admin panel.
Admin
Project-aware role assignment
Create a project, then assign a project-aware role to a user already known to Cognito.
- Email/password sign-in runs through Cognito.
- JWT access tokens are sent to the backend on every protected request.
- First login challenge is handled without CLI intervention.
- Roles are loaded from Tower Control DB, not Cognito groups.
- Role assignment happens through the app UI and backend API.
- Password reset uses Cognito's email-based recovery flow.
- SSO can be added later without changing DB role storage.