Boilerplate feels incomplete (restricted area with cognito user pool authorization needed) #29

Open
kidsil opened this issue Jan 23, 2017 · 8 comments

Contributor

kidsil commented Jan 23, 2017

Hey,
I've been working with this boilerplate on and off, but it feels incomplete.
Now that API Gateway allows Authorization via Cognito User Pools, I feel like there should be an example included of a restricted zone that is only accessible via a user pool user.

Serverless.yml supports this type of authorization, but I couldn't get it to work myself (otherwise I would've sent a Pull Request..).

Owner

laardee commented Jan 23, 2017

@kidsil I've thought about it also and that would be a great feature. How far did you manage to implement it?

Contributor Author

kidsil commented Jan 23, 2017

Sadly not very far, I've tried over and over again to get a request through the Authorizer (following the docs) without any luck.

This is what the events portion of my main/serverless.yml config file looks like:

    events:
      - http:
          path: restricted
          method: get
          cors: true
          integration: lambda
          authorizer:
            arn: arn:aws:cognito-idp:AWS_REGION:AWS_ACCOUNT_ID:userpool/AWS_USERPOOL_ID
            resultTtlInSeconds: 0
            claims:
              - email
              - name
            identitySource: method.request.header.Authorization
            identityValidationExpression: .*

This might be useful, couldn't get much out of it though..

Owner

laardee commented Jan 25, 2017

thanks, I'll try to take some time for this soon.

Contributor Author

kidsil commented Jan 26, 2017

@laardee I have a rough code sample done that is able to grab the Token ID (and Refresh Token, and Access Token) JWT: https://gist.github.com/kidsil/cb0112e912960f517d88c586e333bdc3

The only thing that's still not working is getting through the API Gateway Authorize (tried to use Header: Authorization: JWT_TOKEN, didn't work)
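
An added example, not part of the original comments or the project's code: a local pre-flight check that a token about to be sent in the `Authorization` header belongs to the user pool named in the authorizer `arn` from the config above. It assumes a user pool authorizer without OAuth scopes (so the ID token is the one expected); the function names, sample ARN and tokens are constructed for illustration, and the signature is deliberately not verified here because API Gateway does that.

```javascript
// Decode one base64url JWT segment into an object (no signature verification).
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Pull region and pool id out of arn:aws:cognito-idp:REGION:ACCOUNT:userpool/POOL_ID
function poolFromArn(arn) {
  const m = /^arn:aws:cognito-idp:([^:]+):[^:]+:userpool\/(.+)$/.exec(arn);
  if (!m) throw new Error('not a Cognito user pool ARN');
  return { region: m[1], userPoolId: m[2] };
}

// Return a list of reasons the authorizer would be expected to reject the header value.
function preflight(headerValue, arn, nowSeconds) {
  const parts = headerValue.trim().split('.');
  if (parts.length !== 3) return ['header value is not a three-part JWT'];
  let claims;
  try {
    claims = b64urlJson(parts[1]);
  } catch (e) {
    return ['payload is not base64url-encoded JSON'];
  }
  const { region, userPoolId } = poolFromArn(arn);
  const expectedIss = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
  const problems = [];
  if (claims.iss !== expectedIss) problems.push(`iss ${claims.iss} is not ${expectedIss}`);
  if (claims.token_use !== 'id') problems.push(`token_use is ${claims.token_use}, expected id`);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) problems.push('token is expired');
  return problems;
}

// Constructed sample data: unsigned tokens with a dummy signature segment.
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', kid: 'constructed' })}.${enc(claims)}.c2ln`;
}
const SAMPLE_ARN = 'arn:aws:cognito-idp:eu-west-1:123456789012:userpool/eu-west-1_EXAMPLE';
const ISS = 'https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE';
const NOW = 1485500000;
const idToken = makeToken({ iss: ISS, token_use: 'id', exp: NOW + 3600, email: 'user@example.com' });
const accessToken = makeToken({ iss: ISS, token_use: 'access', exp: NOW - 10 });

console.log(preflight(idToken, SAMPLE_ARN, NOW));     // no problems
console.log(preflight(accessToken, SAMPLE_ARN, NOW)); // wrong token_use and expired
```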

Contributor Author

kidsil commented Jan 27, 2017

Got it to work! Will update soon with a complete solution! The bug I had was somewhat unrelated: serverless/serverless#3088

Owner

laardee commented Jan 27, 2017

Great!

Contributor Author

kidsil commented Jan 28, 2017 via email

Contributor Author

kidsil commented Jan 29, 2017

Is the AuthorizationToken generated here https://github.com/laardee/serverless-authentication/blob/master/lib/utils.js#L112 related to the Authorization Token that is required by AWS API Gateway (when using User Pool Authorization)?
