csepulv / auth-api-demo Goto Github PK
View Code? Open in Web Editor NEWSecuring Microservices on AWS with Cognito, API Gateway and Lambda Demo
License: MIT License
Securing Microservices on AWS with Cognito, API Gateway and Lambda Demo
License: MIT License
@csepulv - Thanks so much for the comprehensive tutorial and source code. You did a great job explaining everything, and I enjoyed following along. Did eventually successfully get the example running locally too :)
There were only four points wished to offer in the interests of sharing my experience:
1). In the aws-setup.md
, there is confusion about needing to tick the Client Secret option when setting up the Cognito User Pool Client.
You show a screenshot with the Generate Client Secret
ticked. This causes the /token
endpoint to break later on. If you do generate a client secret you must pass it with the client id on that endpoint (which the web app is not configured to do).
2). The aws-api
package.json script for creation of lambda/api gateway works well, however the update-api script is broken. It seems to expect the package.json file to reside at the base of the project (ie. one directory level higher than where it is now. I wonder whether when you bundled it inside aws-api
folder, it inadvertently broke it?
3). Would have welcomed a README inside the web-ui
directory (not the auto-generated create-react-app one) explaining each setting that the .env
file would need. For instance, some settings were really clear, but I had less certainty where to get the value for REACT_APP_OAUTH_DOMAIN
, REACT_APP_API_HOST
and REACT_APP_API_KEY
. It's like anything, the extra work actually forced me to think through the issues and I got a better learning experience as a result. But, if you're looking for a smooth tutorial with no sweat, then that would add value.
4). Would have really welcomed some prose on the auth flow itself. We just ticked accept implicit grant and authorization grant flows, opted to use hosted UI and that was it. Given we have a SPA app (using React.js), but we're using a Hosted UI for the Identity Provider piece, it was less clear precisely what your overall upfront design was. Plus Cognito adds its own magic with tokens, and credentials etc so more information here would have been helpful. Make sense?
Again, thanks so much. Great Cognito samples with solid documentation seem to be in short supply and I found this a great start.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.