bill
February 1, 2018, 5:55am
#1
I have gone through several documents about the Cognito service, but still can’t get an answer about how to manage Cognito with a custom authorizer.
I’m having trouble finding an example so forgive me if it’s my search skills that are lacking here, but has anybody successfully set up the Resources section in your serverless.yml file to construct User and Identity Pools automatically?
Really, I’m trying to automate what @fanjie and @jayair have done here:
The Serverless Framework documentation for AWS Lambda, API Gateway, EventBridge, DynamoDB and much more.
I can create a Cognito user pool with the above links. But I need to know how to set a custom authorizer handler (handler.js); do you have any samples for me?
serverless:master
← johnf:cognito_authorizer
opened 10:25AM - 15 Sep 16 UTC
## What did you implement:
**_Implementing Issue:_** #1949
## How did you implement it:
If a cognito user pool arn is passed in, we spit out the right cloudformation
## How can we verify it:
See the addition to the docs for an example.
## Todos:
- [x] Write tests
- [x] Write documentation
- [x] Fix linting errors
- [x] Make sure code coverage hasn't dropped
- [x] Provide verification config/commands/resources
- [x] Leave a comment that this is ready for review once you've finished the implementation
```yaml
authorizer:
  type: COGNITO_USER_POOLS
  id: tfnXXX
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex
```
Another sample I have:
```yaml
authorizer:
  name: authorizer
  arn: arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX
  claims:
    - email
```
So what does the Cognito custom authorizer handler.js look like?
1 Like
bill
February 4, 2018, 5:38am
#2
Updates
Seems the sample codes can be found in
1 Like
bill
February 13, 2018, 6:19am
#3
I did research on this for 2 weeks and got big help from this repo, but I still have several questions.
I collected all of my Cognito questions here; any words of help will be appreciated.
The code in `src/containers` has login/signup modules to help end users log in with Cognito user pool accounts.
After a successful login, `src/Routes.js` gives two options, `/notes/new` and `/notes/:id`, which are mapped to two js files: `src/containers/NewNote.js` and `src/containers/Note.js`.
These options are mapped to API Gateway event paths (endpoints) with different methods:
```javascript
// apig path: https://<apigateway_url>/notes, method `POST`
createNote(note) {
  return invokeApig({
    path: "/notes",
    method: "POST",
    body: note
  });
}

// apig path: https://<apigateway_url>/notes/{id}, method `GET`
getNote() {
  return invokeApig({ path: `/notes/${this.props.match.params.id}` });
}

// apig path: https://<apigateway_url>/notes/{id}, method `DELETE`
deleteNote() {
  return invokeApig({
    path: `/notes/${this.props.match.params.id}`,
    method: "DELETE"
  });
}

// apig path: https://<apigateway_url>/notes/{id}, method `PUT`
saveNote(note) {
  return invokeApig({
    path: `/notes/${this.props.match.params.id}`,
    method: "PUT",
    body: note
  });
}
```
If I have 50 endpoints (/note is an endpoint for me), do I have to write 50 * 2 js files to handle these endpoints?
Are there any ways to accept endpoints as variables, so if the endpoint name is changed, I needn’t change the code in Notes.js?
How to support {proxy+} in the path, such as `notes/{proxy+}`?
If I need to control the permission for different groups to access different endpoints, how do you set the permission with Cognito groups to control it?
For example,
Group#1: endpoint1
userlist: tom, george.
Group#2: endpoint2
userlist: tom, john
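
The questions above, on what a custom authorizer handler looks like and on per-group endpoint permissions, can be illustrated with one sketch of a REST API `TOKEN` authorizer that maps the `cognito:groups` claim to routes. This is an added example, not code from the post or the linked repo; `GROUP_ROUTES`, `apiBase`, `buildPolicy`, `makeHandler`, the group names and the injected `verifyToken` function are hypothetical.

```javascript
// Constructed mapping based on the example in the post: Cognito group -> routes.
// Each entry is "{VERB}/{path}"; "*" is the IAM wildcard, so "*/endpoint1/*"
// also covers sub-paths served by a {proxy+} resource.
const GROUP_ROUTES = new Map([
  ["group1", ["*/endpoint1", "*/endpoint1/*"]],
  ["group2", ["*/endpoint2", "*/endpoint2/*"]],
]);

// methodArn: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{verb}/{path}
function apiBase(methodArn) {
  const [arnPrefix, stage] = methodArn.split("/");
  return `${arnPrefix}/${stage}`;
}

// Build the authorizer response from claims that have ALREADY been verified.
// Every route the caller may use is listed, not just the requested one, because
// API Gateway can cache this policy per token and reuse it for other methods.
function buildPolicy(claims, methodArn) {
  const groups = claims["cognito:groups"] || [];
  const base = apiBase(methodArn);
  const routes = [...new Set(groups.flatMap((g) => GROUP_ROUTES.get(g) || []))];
  const statement = routes.length
    ? { Effect: "Allow", Resource: routes.map((r) => `${base}/${r}`) }
    : { Effect: "Deny", Resource: [`${base}/*`] };
  return {
    principalId: claims.sub,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", ...statement }],
    },
    context: { groups: groups.join(",") },
  };
}

// verifyToken is a hypothetical injected function: it must check the JWT
// signature against the user pool's JWKS plus exp, iss and token_use, and
// return the claims or throw. Unverified claims never reach buildPolicy.
function makeHandler(verifyToken) {
  return async (event) => {
    const token = (event.authorizationToken || "").replace(/^Bearer\s+/i, "");
    let claims;
    try {
      claims = await verifyToken(token);
    } catch (err) {
      throw new Error("Unauthorized"); // API Gateway answers 401
    }
    return buildPolicy(claims, event.methodArn);
  };
}
```

A user with no mapped group receives an explicit Deny for the whole stage, so a new group has no access until it is added to `GROUP_ROUTES`.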