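├── README.md
├── profile.js
└── serverless.yml


/README.md:
--------------------------------------------------------------------------------
# AWS Node HTTP API with Cognito Authorizer

This example demonstrates how you can use the new AWS HTTP API (Announced Dec. 2019) and the built-in JSON Web Token Authorization it offers. In this case, I've shown how to do so using Amazon Cognito.

For more details, and more information on how to use tools like Auth0 instead of Cognito, you can review the blog post [here](https://serverless.com/blog/serverless-auth-with-aws-http-apis).

--------------------------------------------------------------------------------
/profile.js:
--------------------------------------------------------------------------------
'use strict';

// Placeholder written in place of credential values before an event is logged
// or echoed back to the caller.
const REDACTED = '[REDACTED]';

// Request headers whose values are credentials. The authorizer in
// serverless.yml reads the JWT from the Authorization header, so the raw
// bearer token is present in every event these handlers receive.
const CREDENTIAL_HEADERS = new Set(['authorization', 'cookie']);

/**
 * Returns a copy of a header map with credential-bearing values replaced.
 * Header names are compared case-insensitively; array values (as used by
 * `multiValueHeaders`) keep their length so the shape stays recognisable.
 *
 * @param {Object|undefined} headers - Header map taken from the Lambda event.
 * @returns {Object|undefined} Redacted copy, or the input when it is not an object.
 */
const redactHeaderMap = (headers) => {
  if (headers === null || typeof headers !== 'object') {
    return headers;
  }
  return Object.fromEntries(
    Object.entries(headers).map(([name, value]) => {
      if (!CREDENTIAL_HEADERS.has(name.toLowerCase())) {
        return [name, value];
      }
      return [name, Array.isArray(value) ? value.map(() => REDACTED) : REDACTED];
    })
  );
};

/**
 * Returns a shallow copy of the Lambda event that is safe to log or echo:
 * `headers`, `multiValueHeaders` and `cookies` have credential values replaced.
 * The original event is not mutated.
 *
 * @param {Object} event - Event passed to the handler by the HTTP API.
 * @returns {Object} Redacted copy, or the input when it is not an object.
 */
const redactEvent = (event) => {
  if (event === null || typeof event !== 'object') {
    return event;
  }
  const safeEvent = { ...event };
  if ('headers' in safeEvent) {
    safeEvent.headers = redactHeaderMap(safeEvent.headers);
  }
  if ('multiValueHeaders' in safeEvent) {
    safeEvent.multiValueHeaders = redactHeaderMap(safeEvent.multiValueHeaders);
  }
  if (Array.isArray(safeEvent.cookies)) {
    safeEvent.cookies = safeEvent.cookies.map(() => REDACTED);
  }
  return safeEvent;
};

/**
 * GET /user/profile. Responds 200 with the incoming event under `message`.
 *
 * The event is redacted first: logging it unmodified would write the caller's
 * bearer token to the function's logs, and echoing it would return the token
 * in the response body.
 *
 * @param {Object} event - Lambda event for the request.
 * @param {Object} context - Lambda invocation context.
 * @param {Function} callback - Node-style callback; invoked as (null, response).
 */
module.exports.get = (event, context, callback) => {
  const safeEvent = redactEvent(event);
  console.log(context);
  console.log(safeEvent);

  callback(null, {
    statusCode: 200,
    body: JSON.stringify({
      message: safeEvent,
    }),
  });
};

/**
 * POST /user/profile. Responds 200 with a fixed confirmation message; the
 * request body is not read by this handler.
 *
 * @param {Object} event - Lambda event for the request.
 * @param {Object} context - Lambda invocation context.
 * @param {Function} callback - Node-style callback; invoked as (null, response).
 */
module.exports.post = (event, context, callback) => {
  console.log(context);
  // NOTE(review): the request body is still logged as received. Confirm that
  // clients never post secrets to this route, or drop `body` from the log line.
  console.log(redactEvent(event));

  callback(null, {
    statusCode: 200,
    body: JSON.stringify({
      message: 'Password sent.',
    }),
  });
};

--------------------------------------------------------------------------------
/serverless.yml:
--------------------------------------------------------------------------------
org: yourorg
app: yourapp
service: http-api-node

provider:
  name: aws
  # NOTE(review): nodejs12.x has been deprecated by AWS Lambda; move to a
  # currently supported Node.js runtime before deploying.
  runtime: nodejs12.x
  environment:
    DOMAIN_SUFFIX: your-unique-suffix
  httpApi:
    authorizers:
      # JWT authorizer: the token is read from the Authorization header and is
      # accepted only if its issuer is this user pool and its audience is the
      # user pool client defined below.
      serviceAuthorizer:
        identitySource: $request.header.Authorization
        issuerUrl:
          Fn::Join:
            - ''
            - - 'https://cognito-idp.'
              - '${opt:region, self:provider.region}'
              - '.amazonaws.com/'
              - Ref: serviceUserPool
        audience:
          - Ref: serviceUserPoolClient
functions:
  # Both routes name the authorizer but set no `scopes`, so any valid token
  # issued for this client is accepted on either route.
  getProfileInfo:
    handler: profile.get
    events:
      - httpApi:
          method: GET
          path: /user/profile
          authorizer: serviceAuthorizer
  createProfileInfo:
    handler: profile.post
    events:
      - httpApi:
          method: POST
          path: /user/profile
          authorizer: serviceAuthorizer

resources:
  Resources:
    HttpApi:
      DependsOn: serviceUserPool
    # No Policies or MfaConfiguration is set on the pool, so Cognito's defaults
    # for password policy and MFA apply.
    serviceUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: service-user-pool-${opt:stage, self:provider.stage}
        UsernameAttributes:
          - email
        AutoVerifiedAttributes:
          - email
    serviceUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: service-user-pool-client-${opt:stage, self:provider.stage}
        # NOTE(review): the implicit grant returns tokens in the redirect URL
        # fragment, where they can end up in browser history. For anything
        # beyond a demo, prefer the authorization code grant (`code`) with PKCE.
        AllowedOAuthFlows:
          - implicit
        AllowedOAuthFlowsUserPoolClient: true
        AllowedOAuthScopes:
          - phone
          - email
          - openid
          - profile
          # Lets an access token call the user pool's self-service APIs for
          # the signed-in user; remove it if the application does not need that.
          - aws.cognito.signin.user.admin
        UserPoolId:
          Ref: serviceUserPool
        # Development placeholder; list only the application's real redirect
        # URLs in a deployed stage.
        CallbackURLs:
          - https://localhost:3000
        ExplicitAuthFlows:
          - ALLOW_USER_SRP_AUTH
          - ALLOW_REFRESH_TOKEN_AUTH
        # Public client: no client secret is issued.
        GenerateSecret: false
        SupportedIdentityProviders:
          - COGNITO
    serviceUserPoolDomain:
      Type: AWS::Cognito::UserPoolDomain
      Properties:
        UserPoolId:
          Ref: serviceUserPool
        Domain: service-user-pool-domain-${opt:stage, self:provider.stage}-${self:provider.environment.DOMAIN_SUFFIX}
--------------------------------------------------------------------------------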