Serverless Authorization example with JWT and AWS Custom Authorizers
Yos Riady
Latest commit 259f221 Jul 10, 2017

Serverless Auth

Pangolins are a protected species!

This is a serverless authorization example using JSON Web Tokens (JWTs). It has three endpoints:

  • GET /cats is a public endpoint anyone can access.
  • GET /pangolins is a private endpoint, protected by an AWS Custom Authorizer.
  • POST /sessions is a login endpoint. Pass a valid username and password in a JSON request body to get a JWT (see /lib/users.js for valid combinations). For example:
{
	"username": "Cthon98",
	"password": "hunter2"
}

In order to pass the authentication check, you will need to supply a valid JWT in your Authorization request header when making calls to a protected endpoint.

In order to pass the authorization check, you will need a JWT belonging to a user with valid permissions. For this example, the user Cthon98 is authorized to access GET /pangolins; AzureDiamond is not.
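The two checks described above, sketched as a token-based custom authorizer. This is an added example, not the repository's own code: it assumes HS256 tokens verified with Node's built-in crypto module, an optional `Bearer ` prefix, a constructed secret, and a hypothetical `permissions` claim with a hypothetical `pangolins:read` value.

```javascript
const crypto = require('crypto');
// Assumptions (not from the repo): HS256 tokens, a constructed secret, an
// optional "Bearer " prefix, and a hypothetical `permissions` claim.
const SECRET = 'constructed-demo-secret';
const REQUIRED = 'pangolins:read'; // hypothetical permission for GET /pangolins

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Mints a demo token; stands in for what POST /sessions would return.
function signJwt(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Authentication: return the claims, or throw if the token cannot be trusted.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; the token header must not choose it (rejects alg "none").
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Authorization: a valid token yields an Allow or Deny policy for this method.
function authorize(event, secret = SECRET) {
  const match = /^(?:Bearer )?(\S+)$/.exec(event.authorizationToken || '');
  let claims;
  try {
    claims = verifyJwt(match && match[1], secret);
  } catch (err) {
    throw new Error('Unauthorized'); // API Gateway answers 401
  }
  const allowed = Array.isArray(claims.permissions) && claims.permissions.includes(REQUIRED);
  const statement = { Action: 'execute-api:Invoke', Effect: allowed ? 'Allow' : 'Deny', Resource: event.methodArn };
  return { principalId: claims.sub, policyDocument: { Version: '2012-10-17', Statement: [statement] } };
}
module.exports = { handler: async (event) => authorize(event) };
```

A failed authentication check surfaces as 401, while an authenticated user without the permission gets a Deny policy, which API Gateway returns as 403.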

Setup

Prerequisites

Install dependencies

yarn

Running Tests

yarn test

Get Test coverage

yarn test:coverage

Lint

yarn eslint

Running locally

serverless offline start

Deploy

serverless deploy