Using Cognito User Pool only with custom JWT authorizer function
api
functions split up the auth function and changed the repo to be examples for fu… Oct 1, 2018
resources
util
.gitignore
Gopkg.lock
Gopkg.toml
Makefile
README.md
serverless.yml

README.md

Serverless Auth

Collection of Cognito Auth examples using the User Pool and Identity Pool.

The User Pool needs to be deployed first and then the JWKS URL needs to be updated in the auth function.

List of Auth Functions

Functions sit in /functions folder

Name | Description | Requires Identity Pool?
auth | Provides basic authentication with a User Pool. Checks the aud claim, expiration and validity of the JWT. | N
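
The three checks listed for the auth function (validity of the signature, expiration, aud), as an added Go sketch that is not the repository's code. It assumes the pool's JWKS has already been fetched and parsed into RSA public keys keyed by kid, and it pins RS256, the algorithm Cognito signs its tokens with; VerifyIDToken, the error strings and the sample values are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// VerifyIDToken (hypothetical name) checks signature, then exp, then aud.
// keys maps kid to RSA keys assumed already parsed from the pool's JWKS; now is Unix seconds.
func VerifyIDToken(tok string, keys map[string]*rsa.PublicKey, clientID string, now int64) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return errors.New("malformed token")
	}
	var h struct{ Alg, Kid string }
	var c struct {
		Aud string
		Exp int64 // a missing exp decodes to 0 and is rejected as expired
	}
	hb, _ := b64.DecodeString(p[0]) // decode errors surface below as JSON or signature failures
	cb, _ := b64.DecodeString(p[1])
	sig, _ := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1])) // the signature covers the raw segments
	switch {
	case json.Unmarshal(hb, &h) != nil || json.Unmarshal(cb, &c) != nil:
		return errors.New("undecodable header or claims")
	case h.Alg != "RS256" || keys[h.Kid] == nil: // alg is pinned, never taken from the token
		return errors.New("unexpected alg or unknown kid")
	case rsa.VerifyPKCS1v15(keys[h.Kid], crypto.SHA256, sum[:], sig) != nil:
		return errors.New("bad signature")
	case now >= c.Exp:
		return errors.New("token expired")
	case c.Aud != clientID:
		return errors.New("aud mismatch")
	}
	return nil
}

func main() {
	// Constructed input: well-formed segments but an empty header, so it is rejected.
	fmt.Println(VerifyIDToken("e30.e30.AA", nil, "example-client-id", 1700000000))
}
```

The aud comparison only applies to Cognito ID tokens, where aud carries the app client ID; access tokens carry client_id instead.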

Deployment

With MFA enabled on the AWS account, we need to first grab a temporary session token and use it.

1 - Get an AWS Temporary Session Token:

    pip install awsmfa
    awsmfa -i <Profile>

2 - Optional Log Forwarder

If using the log forwarder, you can first implement and deploy using this template: Serverless Log Forwarder Template

3 - Run Serverless Deployment

    serverless deploy -v --aws-profile TEMPSESSION

Testing The Authenticated Endpoint

Sign in using AWS Amplify to grab the token. The token can be seen from:

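    import { Auth } from 'aws-amplify';

    // currentSession() resolves to the signed-in user's session; log its ID token (the JWT that carries aud)
    Auth.currentSession().then(function(session) {
        console.log(session.getIdToken().getJwtToken());
    });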

Then curl:

    curl -v -H "Authorization: Bearer <TOKEN>" https://<redacted>.execute-api.ap-southeast-2.amazonaws.com/dev/authenticated

Clean Up

    serverless remove -v --aws-profile TEMPSESSION

References

Serverless Framework - the main framework used for writing and deploying Lambda functions

AWS Amplify - for the UI SDK to sign up and sign in users.

Splunk Log Forwarder Blueprint - log aggregation
