Custom authorizer with cognito user pool service

bill · 2018-02-01 05:55:34 UTC

I have gone through several documents about cognito service, but still can’t get answer about how to manage cognito with custom authorizer.

I can create cognito user pool with above links. But I need know how to set custom authorizer handler (handler.js), do you have any samples for me?

authorizer:
  type: COGNITO_USER_POOLS
  id: tfnXXX
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex

another sample I have:

github.com

serverless-projects/serverless-cognito-demo/blob/master/serverless.yml

service: serverless-cognito-demo

provider:
  name: aws
  runtime: nodejs4.3
  region: us-east-1

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: hello
          method: get
          integration: lambda
          authorizer:
            name: authorizer
            arn: arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX
            claims:
              - email

      authorizer:
        name: authorizer
        arn: arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX
        claims:
          - email

So how the cognito custom authorizer handler.js looks like?

bill · 2018-02-04 05:38:10 UTC

Updates

Seems the sample codes can be found in

github.com

serverless/examples/blob/master/aws-node-single-page-app-via-cloudfront/serverless.yml

service: single-page-app-via-cloudfront7

frameworkVersion: ">=1.2.0 <2.0.0"

plugins:
  - serverless-single-page-app-plugin

custom:
  s3Bucket: yourBucketName123

provider:
  name: aws
  runtime: nodejs4.3

resources:
  Resources:
    ## Specifying the S3 Bucket
    WebAppS3Bucket:
      Type: AWS::S3::Bucket
      Properties:

This file has been truncated. show original

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

bill · 2018-02-13 06:19:06 UTC

Did research on this for 2 weeks, I got big help from this repo, but I still have several questions.

I collect all of them with Cognito, will be appreciated if you give any words for help.

The codes in src/containers has login/signup modules to help end users to login with Cognito user pool accounts

After successfully login, src/Routes.js gives two options: /notes/new and /notes/:id which are mapped to two js files: src/containers/NewNote.js and src/containers/Note.js

These options are mapped to API Gateway event path (endpoint) with different methods:

  # apig path: https://<apigateway_url>/notes, method `POST`
  createNote(note) {
    return invokeApig({
      path: "/notes",
      method: "POST",
      body: note
    });
  }

  # apig path: https://<apigateway_url>/notes/{id}, method `GET`
  getNote() {
    return invokeApig({ path: `/notes/${this.props.match.params.id}` });
  }

  # apig path: https://<apigateway_url>/notes/{id}, method `DELETE`
  deleteNote() {
    return invokeApig({
      path: `/notes/${this.props.match.params.id}`,
      method: "DELETE"
    });
  }

  # apig path: https://<apigateway_url>/notes/{id}, method `PUT`
  saveNote(note) {
    return invokeApig({
      path: `/notes/${this.props.match.params.id}`,
      method: "PUT",
      body: note
    });
  }

If I have 50 endpoints (/note is an endpoint for me). Do I have to write 50 * 2 js files to handles these endpoints?
Are there any ways to accept endpoints as variables, so if the endpoint name is changed, I needn’t change the codes in Notes.js
How to support {proxy+} in path, such as notes/{proxy+}?
If I need control the permission that different groups to access different endpoint, how do you set the permission with Cognito groups to control it.

For example,

Group#1: endpoint1
userlist: tom, george.

Group#2: endpoint2
userlist: tom, john