Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
api
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Serverless Auth

Collection of Cognito Auth examples using the User pool and Identity Pool.

The User Pool needs to be deployed first and then the JWKS URL needs to be updated in the auth function.

List of Auth Functions

Functions sit in /functions folder

Name Description Requires Identity Pool?
auth Provides basic authentication with a User Pool. Checks the aud claim, expiration and validity of the JWT. N

Deployment

With MFA enabled on the AWS account, we need to first grab a temporary session token and use it.

1 - Get an AWS Temporary Session Token:

pip install awsmfa
awsmfa -i <Profile>

2 - Optional Log Forwarder

If using the log forwarder, you can first implement and deploy using this template: Serverless Log Forwarder Template

3 - Run Serverless Deployment

    serverless deploy -v --aws-profile TEMPSESSION

Testing The Authenticated Endpoint

Sign in using AWS Amplify to grab the token. The token can be seen from:

let jwtToken = Auth.currentSession().then(function(result) {
    console.log(result);
});;

Then curl:

curl -v -H "Authorization: Bearer <TOKEN>" https://<redacted>.execute-api.ap-southeast-2.amazonaws.com/dev/authenticated

Clean Up

    serverless remove -v --aws-profile TEMPSESSION

References

Serverless Framework - the main framework used for writing and deploying lambda functions

AWS Amplify - for the UI SDK to sign up and sign in users.

Splunk Log Forwarder Blueprint - log aggregation

About

Using Cognito User Pool only with custom JWT authorizer function

Resources

Releases

No releases published

Packages

No packages published