bill
February 1, 2018, 5:55am
I have gone through several documents about the Cognito service, but I still can’t get an answer about how to manage Cognito with a custom authorizer.
I’m having trouble finding an example, so forgive me if it’s my search skills that are lacking here, but has anybody successfully set up the Resources section in your serverless.yml file to construct User and Identity Pools automatically?
Really, I’m trying to automate what @fanjie and @jayair have done here:
The Serverless Framework documentation for AWS Lambda, API Gateway, EventBridge, DynamoDB and much more.
I can create a Cognito user pool with the above links. But I need to know how to set the custom authorizer handler (handler.js); do you have any samples for me?
serverless:master
← johnf:cognito_authorizer
Not sure if you want to review this or even merge it until creation of the actual authorizer is supported by AWS.
Also need some thinking about the format of authorizer in serverless.yaml.
Right now a custom authorizer looks like:
``` yaml
# Refer to custom function
authorizer: authorizerFunc

# Refer to custom function with options
authorizer:
  name: authorizerFunc
  resultTtlInSeconds: 0
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex

# Refer to existing lambda
authorizer: xxx:xxx:Lambda-Name

# Refer to existing lambda with options
authorizer:
  arn: xxx:xxx:Lambda-Name
  resultTtlInSeconds: 0
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex
```
I would suggest pre 1.0 it might be worth switching to something like the following:
``` yaml
# Refer to custom function
authorizer: CUSTOM:authorizerFunc

# Refer to custom function with options
authorizer:
  name: authorizerFunc
  type: CUSTOM
  resultTtlInSeconds: 0
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex

# Refer to existing lambda
authorizer: LAMBDA:xxx:xxx:Lambda-Name

# Refer to existing lambda with options
authorizer:
  arn: xxx:xxx:Lambda-Name
  type: LAMBDA
  resultTtlInSeconds: 0
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex
```
This will then allow us to more easily differentiate from Web pools, which could look like:
``` yaml
authorizer: COGNITO_USER_POOLS:tfnXXX

# or
authorizer:
  type: COGNITO_USER_POOLS
  id: tfnXXX
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex
```
``` yaml
authorizer:
  type: COGNITO_USER_POOLS
  id: tfnXXX
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex
```
Another sample I have:
``` yaml
authorizer:
  name: authorizer
  arn: arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX
  claims:
    - email
```
So what does the Cognito custom authorizer handler.js look like?
bill
February 4, 2018, 5:38am
Update
It seems the sample code can be found in
bill
February 13, 2018, 6:19am
I did research on this for 2 weeks and got big help from this repo, but I still have several questions.
I have collected all of them here regarding Cognito; I would appreciate any words of help.
The code in src/containers has login/signup modules to help end users log in with Cognito user pool accounts.
After successfully logging in, src/Routes.js gives two options, /notes/new and /notes/:id, which are mapped to two JS files: src/containers/NewNote.js and src/containers/Note.js.
These options are mapped to API Gateway event paths (endpoints) with different methods:
``` js
// apig path: https://<apigateway_url>/notes, method POST
createNote(note) {
  return invokeApig({
    path: "/notes",
    method: "POST",
    body: note
  });
}

// apig path: https://<apigateway_url>/notes/{id}, method GET
getNote() {
  return invokeApig({ path: `/notes/${this.props.match.params.id}` });
}

// apig path: https://<apigateway_url>/notes/{id}, method DELETE
deleteNote() {
  return invokeApig({
    path: `/notes/${this.props.match.params.id}`,
    method: "DELETE"
  });
}

// apig path: https://<apigateway_url>/notes/{id}, method PUT
saveNote(note) {
  return invokeApig({
    path: `/notes/${this.props.match.params.id}`,
    method: "PUT",
    body: note
  });
}
```
If I have 50 endpoints (/notes is an endpoint for me), do I have to write 50 * 2 JS files to handle these endpoints?
Are there any ways to accept endpoints as variables, so that if the endpoint name is changed, I needn’t change the code in Notes.js?
How do I support {proxy+} in the path, such as notes/{proxy+}?
If I need to control which groups can access which endpoints, how do you set the permissions with Cognito groups to control it?
For example:
- Group#1: endpoint1, user list: tom, george.
- Group#2: endpoint2, user list: tom, john.