From 45bef9ba30d1201c5a85fb328c7031536313718a Mon Sep 17 00:00:00 2001 From: Jay Date: Mon, 1 Mar 2021 17:43:16 -0500 Subject: [PATCH] Fixing auth examples --- ...uth0-authentication-to-a-serverless-api.md | 17 +++--------- ...nito-authentication-to-a-serverless-api.md | 17 +++--------- ...book-authentication-to-a-serverless-api.md | 17 +++--------- ...ogle-authentication-to-a-serverless-api.md | 17 +++--------- ...tter-authentication-to-a-serverless-api.md | 17 +++--------- _includes/hero.html | 27 ++++++++++--------- 6 files changed, 30 insertions(+), 82 deletions(-) diff --git a/_examples/how-to-add-auth0-authentication-to-a-serverless-api.md b/_examples/how-to-add-auth0-authentication-to-a-serverless-api.md index d0e75eef8..f6b8089bd 100644 --- a/_examples/how-to-add-auth0-authentication-to-a-serverless-api.md +++ b/_examples/how-to-add-auth0-authentication-to-a-serverless-api.md @@ -57,7 +57,6 @@ Let's start by setting up an API. ``` js import * as cdk from "@aws-cdk/core"; -import * as iam from "@aws-cdk/aws-iam"; import * as sst from "@serverless-stack/resources"; export default class MyStack extends sst.Stack { @@ -66,12 +65,12 @@ export default class MyStack extends sst.Stack { // Create Api const api = new sst.Api(this, "Api", { - defaultAuthorizationType: "AWS_IAM", + defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM, routes: { "GET /private": "src/private.main", "GET /public": { - authorizationType: "NONE", function: "src/public.main", + authorizationType: sst.ApiAuthorizationType.NONE, }, }, }); @@ -100,8 +99,6 @@ Now let's add authentication for our serverless app. {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. Make sure to replace the `domain` and `clientId` with that of your Auth0 app. ``` js -const { account, region } = sst.Stack.of(this); - // Create auth provider const auth = new sst.Auth(this, "Auth", { auth0: { @@ -111,15 +108,7 @@ const auth = new sst.Auth(this, "Auth", { }); // Allow authenticated users invoke API -auth.attachPermissionsForAuthUsers([ - new iam.PolicyStatement({ - actions: ["execute-api:Invoke"], - effect: iam.Effect.ALLOW, - resources: [ - `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`, - ], - }), -]); +auth.attachPermissionsForAuthUsers([api]); new cdk.CfnOutput(this, "IdentityPoolId", { value: auth.cognitoCfnIdentityPool.ref, diff --git a/_examples/how-to-add-cognito-authentication-to-a-serverless-api.md b/_examples/how-to-add-cognito-authentication-to-a-serverless-api.md index 705c5d2f8..211d1a4a9 100644 --- a/_examples/how-to-add-cognito-authentication-to-a-serverless-api.md +++ b/_examples/how-to-add-cognito-authentication-to-a-serverless-api.md @@ -56,7 +56,6 @@ Let's start by setting up an API. ``` js import * as cdk from "@aws-cdk/core"; -import * as iam from "@aws-cdk/aws-iam"; import * as sst from "@serverless-stack/resources"; export default class MyStack extends sst.Stack { @@ -65,12 +64,12 @@ export default class MyStack extends sst.Stack { // Create Api const api = new sst.Api(this, "Api", { - defaultAuthorizationType: "AWS_IAM", + defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM, routes: { "GET /private": "src/private.main", "GET /public": { - authorizationType: "NONE", function: "src/public.main", + authorizationType: sst.ApiAuthorizationType.NONE, }, }, }); @@ -97,8 +96,6 @@ By default, all routes have the authorization type `AWS_IAM`. This means the cal {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. ``` js -const { account, region } = sst.Stack.of(this); - // Create auth provider const auth = new sst.Auth(this, "Auth", { cognito: { @@ -107,15 +104,7 @@ const auth = new sst.Auth(this, "Auth", { }); // Allow authenticated users to invoke the API -auth.attachPermissionsForAuthUsers([ - new iam.PolicyStatement({ - actions: ["execute-api:Invoke"], - effect: iam.Effect.ALLOW, - resources: [ - `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`, - ], - }), -]); +auth.attachPermissionsForAuthUsers([api]); new cdk.CfnOutput(this, "UserPoolId", { value: auth.cognitoUserPool.userPoolId, diff --git a/_examples/how-to-add-facebook-authentication-to-a-serverless-api.md b/_examples/how-to-add-facebook-authentication-to-a-serverless-api.md index 5afe79200..e4b02e06f 100644 --- a/_examples/how-to-add-facebook-authentication-to-a-serverless-api.md +++ b/_examples/how-to-add-facebook-authentication-to-a-serverless-api.md @@ -57,7 +57,6 @@ Let's start by setting up an API. ``` js import * as cdk from "@aws-cdk/core"; -import * as iam from "@aws-cdk/aws-iam"; import * as sst from "@serverless-stack/resources"; export default class MyStack extends sst.Stack { @@ -66,12 +65,12 @@ export default class MyStack extends sst.Stack { // Create Api const api = new sst.Api(this, "Api", { - defaultAuthorizationType: "AWS_IAM", + defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM, routes: { "GET /private": "src/private.main", "GET /public": { - authorizationType: "NONE", function: "src/public.main", + authorizationType: sst.ApiAuthorizationType.NONE, }, }, }); @@ -100,23 +99,13 @@ Now let's add authentication for our serverless app. {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. Make sure to replace the `appId` with that of your Facebook app. ``` js -const { account, region } = sst.Stack.of(this); - // Create auth provider const auth = new sst.Auth(this, "Auth", { facebook: { appId: "419718329085014" }, }); // Allow authenticated users invoke API -auth.attachPermissionsForAuthUsers([ - new iam.PolicyStatement({ - actions: ["execute-api:Invoke"], - effect: iam.Effect.ALLOW, - resources: [ - `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`, - ], - }), -]); +auth.attachPermissionsForAuthUsers([api]); new cdk.CfnOutput(this, "IdentityPoolId", { value: auth.cognitoCfnIdentityPool.ref, diff --git a/_examples/how-to-add-google-authentication-to-a-serverless-api.md b/_examples/how-to-add-google-authentication-to-a-serverless-api.md index 9d01bd628..59f319326 100644 --- a/_examples/how-to-add-google-authentication-to-a-serverless-api.md +++ b/_examples/how-to-add-google-authentication-to-a-serverless-api.md @@ -57,7 +57,6 @@ Let's start by setting up an API. ``` js import * as cdk from "@aws-cdk/core"; -import * as iam from "@aws-cdk/aws-iam"; import * as sst from "@serverless-stack/resources"; export default class MyStack extends sst.Stack { @@ -66,12 +65,12 @@ export default class MyStack extends sst.Stack { // Create Api const api = new sst.Api(this, "Api", { - defaultAuthorizationType: "AWS_IAM", + defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM, routes: { "GET /private": "src/private.main", "GET /public": { - authorizationType: "NONE", function: "src/public.main", + authorizationType: sst.ApiAuthorizationType.NONE, }, }, }); @@ -100,8 +99,6 @@ Now let's add authentication for our serverless app. {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. Make sure to replace the `clientId` with that of your Google API project. ``` js -const { account, region } = sst.Stack.of(this); - // Create auth provider const auth = new sst.Auth(this, "Auth", { google: { @@ -111,15 +108,7 @@ const auth = new sst.Auth(this, "Auth", { }); // Allow authenticated users invoke API -auth.attachPermissionsForAuthUsers([ - new iam.PolicyStatement({ - actions: ["execute-api:Invoke"], - effect: iam.Effect.ALLOW, - resources: [ - `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`, - ], - }), -]); +auth.attachPermissionsForAuthUsers([api]); new cdk.CfnOutput(this, "IdentityPoolId", { value: auth.cognitoCfnIdentityPool.ref, diff --git a/_examples/how-to-add-twitter-authentication-to-a-serverless-api.md b/_examples/how-to-add-twitter-authentication-to-a-serverless-api.md index 0e8b3f29e..0aa8d9dcb 100644 --- a/_examples/how-to-add-twitter-authentication-to-a-serverless-api.md +++ b/_examples/how-to-add-twitter-authentication-to-a-serverless-api.md @@ -57,7 +57,6 @@ Let's start by setting up an API. ``` js import * as cdk from "@aws-cdk/core"; -import * as iam from "@aws-cdk/aws-iam"; import * as sst from "@serverless-stack/resources"; export default class MyStack extends sst.Stack { @@ -66,12 +65,12 @@ export default class MyStack extends sst.Stack { // Create Api const api = new sst.Api(this, "Api", { - defaultAuthorizationType: "AWS_IAM", + defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM, routes: { "GET /private": "src/private.main", "GET /public": { - authorizationType: "NONE", function: "src/public.main", + authorizationType: sst.ApiAuthorizationType.NONE, }, }, }); @@ -100,8 +99,6 @@ Now let's add authentication for our serverless app. {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. Make sure to replace the `consumerKey` and `consumerSecret` with that of your Twitter app. ``` js -const { account, region } = sst.Stack.of(this); - // Create auth provider const auth = new sst.Auth(this, "Auth", { twitter: { @@ -111,15 +108,7 @@ const auth = new sst.Auth(this, "Auth", { }); // Allow authenticated users invoke API -auth.attachPermissionsForAuthUsers([ - new iam.PolicyStatement({ - actions: ["execute-api:Invoke"], - effect: iam.Effect.ALLOW, - resources: [ - `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`, - ], - }), -]); +auth.attachPermissionsForAuthUsers([api]); new cdk.CfnOutput(this, "IdentityPoolId", { value: auth.cognitoCfnIdentityPool.ref, diff --git a/_includes/hero.html b/_includes/hero.html index 5b7c3c91f..28906119c 100644 --- a/_includes/hero.html +++ b/_includes/hero.html @@ -254,40 +254,43 @@

Queue

1 const api = new sst.Api(this, "Api", {
- 2  defaultAuthorizationType: "AWS_IAM", + 2  defaultAuthorizationType:
- 3  routes: { + 3    sst.ApiAuthorizationType.AWS_IAM,
- 4    "GET /private": "src/private.main" + 4  routes: {
- 5  } + 5    "GET /private": "src/private.main"
- 6}); + 6  }
- 7  + 7});
- 8 const auth = new sst.Auth(this, "Auth", { + 8 
- 9  facebook: { appId: "419718329085014" } + 9 const auth = new sst.Auth(this, "Auth", {
- 10}); + 10  facebook: { appId: "419718329085014" }
- 11  + 11}); +
+
+ 12 
- 12// Allow auth users to access the API + 13// Allow auth users to access the API
- 13auth.attachPermissionsForAuthUsers([/* api */]); + 14auth.attachPermissionsForAuthUsers([api]);