Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth #36

Closed
nzoschke opened this issue Mar 4, 2018 · 4 comments
Closed

Auth #36

nzoschke opened this issue Mar 4, 2018 · 4 comments

Comments

@nzoschke
Copy link
Owner

nzoschke commented Mar 4, 2018

I plan to port an OAuth / JWT example over.

One question is how to get the OAuth redirect url. Perhaps you can generate it from the Request:

2018/03/04 18:26:03 EVENT: {Resource:/auth Path:/auth HTTPMethod:GET Headers:map[Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Language:en-US,en;q=0.9 Host:jkpyz7xxxx.execute-api.us-west-2.amazonaws.com X-Amzn-Trace-Id:Root=1-5a9c3a3b-90b30f21a64603017bc3891e X-Forwarded-Proto:https X-Forwarded-For:73.92.1.8, 205.251.214.101 Accept-Encoding:gzip, deflate, br CloudFront-Is-Desktop-Viewer:true CloudFront-Viewer-Country:US Via:2.0 3cc911e7eb2df956e3f7c8f27c19xxxx.cloudfront.net (CloudFront) X-Amz-Cf-Id:c-rDYArkjqKDPoUwiTCMgHEj29egDuMOiVLX-v-vLjCm_i51DYoASQ== CloudFront-Forwarded-Proto:https CloudFront-Is-SmartTV-Viewer:false CloudFront-Is-Tablet-Viewer:false User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36 CloudFront-Is-Mobile-Viewer:false upgrade-insecure-requests:1 X-Forwarded-Port:443] QueryStringParameters:map[] PathParameters:map[] StageVariables:map[] RequestContext:{AccountID:XXXXXXXXXXXX ResourceID:mh6gbm Stage:Prod RequestID:7ee1c72a-1fd9-11e8-8695-f9317416d457 Identity:{CognitoIdentityPoolID: AccountID: CognitoIdentityID: Caller: APIKey: SourceIP:73.92.1.8 CognitoAuthenticationType: CognitoAuthenticationProvider: UserArn: UserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36 User:} ResourcePath:/auth Authorizer:map[] HTTPMethod:GET APIID:jkpyz7xxxx} Body: IsBase64Encoded:false}
@mwarkentin
Copy link

Would cognito fit in here for Auth?

@nzoschke
Copy link
Owner Author

nzoschke commented Mar 4, 2018

I'm not sure...

So far every app I've built uses an OAuth provider (e.g. Okta, Google, GitHub). For these I have an /auth functions that does the OAuth exchange, the gives the client a JWT. Then I add a JWT check to protected functions.

This alone feels like another great example to add to the boilerplate and document.

I've never used Cognito. Would it make the above any easier or more demonstrative?

I do anticipate needing Okta-backed SAML for some APIs someday. Would Cognito help here?

@mwarkentin
Copy link

Honestly not sure, it’s one of those services that I’ve been aware of for a while now but haven’t had an opportunity to try out.

The JWT stuff sounds interesting too. 😁

@nzoschke nzoschke mentioned this issue Mar 18, 2018
Merged
4 tasks
@nzoschke
Copy link
Owner Author

Closed in #45

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mwarkentin @nzoschke