Tutorial: How to add security to a REST API using JWT Authorizers and Amazon Cognito | JWT Token

19,381 views

Let's Find Solutions

1 year ago

A quick tutorial on how to secure your AWS REST APIs using AWS Cognito, JWT tokens, and JWT Authorizers. We will set up API Gateway with JWT Authorizers that verify that each API request has a valid JWT token. These tokens are generated by AWS Cognito for an authenticated user.
Topics covered:
1) Simple Lambda creation using Node.js
2) Cognito User Pool creation
3) API Gateway Authorizer - JWT Authorizer

Comments: 46
@saatwikmehta2916 6 months ago
Straightforward and awesome video
@letsfindsolutions 6 months ago
I am glad you found it helpful. I do plan on making more, just need to find the time.
@jumboliah13 7 months ago
Great video. Great content and well executed and straightforward. Well done.
@letsfindsolutions 7 months ago
Glad you found it helpful.
@nareshgujjari 1 year ago
Very useful. Thank you.
@letsfindsolutions 1 year ago
I'm glad you found it useful.
@kouroshbaghaei382 4 months ago
Thanks a lot! Very concise and to the point! 👌
@letsfindsolutions 3 months ago
Glad it was helpful!
@PrashantZombade 1 year ago
Great content, very helpful video. Thanks for your efforts.
@letsfindsolutions 1 year ago
You're welcome. I am glad you found it helpful.
@TPDene 22 days ago
Thanks a lot! That's exactly what we need. We want to use Amazon S3 with an existing Keycloak instance and use JWT Token authentication.
@letsfindsolutions 17 days ago
Glad it was helpful
@joshuac9142 5 months ago
Top quality stuff!
@letsfindsolutions 5 months ago
Much appreciated!
@Not0rious7 7 months ago
You saved the day! I had to use OAuth 2.0 in Postman and not the bearer token dropdown.
@letsfindsolutions 7 months ago
Glad you found it helpful.
@randall.chamberlain 5 months ago
Nice and to the point
@letsfindsolutions 5 months ago
Thanks!
@kirtipahwa 2 months ago
Keep it up. Informative video👍
@letsfindsolutions 2 months ago
Thanks, will do!
@mehtabahmed6092 1 year ago
Thank you so much!!
@letsfindsolutions 1 year ago
I am glad you found the video helpful...I plan to make more...just haven't had time lately. Hopefully soon.
@mehtabahmed6092 1 year ago
I really appreciate it. Yesterday I spent the whole day and the authorization was not working. So after watching your video, I fixed it in 15 minutes!!
@ajaygulani3086 1 year ago
Great video! So how does it all work on the front end? Using JavaScript, how does one use the host UI and retrieve the token and store and use it?
@letsfindsolutions 1 year ago
The hosted UI was more for demo. How I have implemented this in production is to have the server-side code of the website call Cognito to grab a token and pass this to my front-end UI to use in an AJAX call to the service. Doing this won't expose the username/password. This way the UI has a token ready to call the API as needed. I have used the hosted UI in my projects to offer QA a way to manually grab tokens in case they wanted to test the web service calls directly without any UI.
@Visgapn1 2 months ago
I have implemented Cognito authentication for my .net web api / react app. It's in .net 4.8 framework and hosted in IIS localhost. Also using IIS URL Rewrite to configure IIS so that React Router handles the app navigation after authentication is completed. The issue is that when we make the Cognito logout API endpoint GET request, it throws a CORS error stating Allow Content Header Origin is not present. I have the proper app domain, client id and redirect uri. So what needs to be done in this situation for logout to work? Cognito login works perfectly.
@letsfindsolutions 2 months ago
Did you try enabling CORS on the API Gateway?
@ManishJindalmanisism 3 months ago
How can I use this token further in AWS Lambda to get the email id or username to do some dynamic processing? Is there any Cognito SDK or library available to scrap that information in AWS Lambda?
@letsfindsolutions 3 months ago
I believe you can get the user id or group id of the user from the token. From there you can have a DynamoDB table to do mapping and dynamic logic based on your custom lookup.
@joshuaokoro9447 3 months ago
Seems like you can get it from event.requestContext.authorizer
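Added example (not from the video or from any commenter): a Node.js Lambda handler that takes the caller's identity from the claims API Gateway has already validated, as discussed in the thread above. It assumes the claims arrive under `event.requestContext.authorizer.jwt.claims` (HTTP API JWT authorizer) or `event.requestContext.authorizer.claims` (REST API Cognito authorizer); the function names and sample events are constructed for illustration.

```javascript
// Return the validated JWT claims that API Gateway attached to the event,
// or null if the request did not pass through an authorizer.
function claimsFromEvent(event) {
  const auth = event && event.requestContext && event.requestContext.authorizer;
  if (!auth) return null;
  // HTTP API JWT authorizer (payload v2) nests claims under "jwt";
  // REST API Cognito authorizer puts them directly under "claims".
  const claims = (auth.jwt && auth.jwt.claims) || auth.claims;
  return claims && typeof claims === 'object' ? claims : null;
}

// Build the HTTP response. Identity comes only from authorizer claims,
// never from headers or body fields the caller controls.
function buildResponse(event) {
  const claims = claimsFromEvent(event);
  if (!claims || !claims.sub) {
    return { statusCode: 401, body: JSON.stringify({ error: 'no validated identity' }) };
  }
  // The video uses the Cognito ID token; reject any other token type.
  if (claims.token_use !== 'id') {
    return { statusCode: 403, body: JSON.stringify({ error: 'ID token required' }) };
  }
  const user = {
    id: claims.sub,
    username: claims['cognito:username'] || null,
    email: claims.email || null,
  };
  return { statusCode: 200, body: JSON.stringify({ user }) };
}

// Lambda entry point (CommonJS export, guarded so the file also loads as an ES module).
async function handler(event) { return buildResponse(event); }
if (typeof module !== 'undefined') module.exports = { handler };

// Constructed sample events, trimmed to the fields used above.
const httpApiEvent = { requestContext: { authorizer: { jwt: { claims: {
  sub: '11111111-2222-3333-4444-555555555555', token_use: 'id',
  'cognito:username': 'demo-user', email: 'demo@example.com' } } } },
  headers: { 'x-user-email': 'spoofed@example.com' } };
const restApiEvent = { requestContext: { authorizer: { claims: {
  sub: 'aaaa', token_use: 'id', 'cognito:username': 'qa-user' } } } };
const unauthenticatedEvent = { requestContext: {},
  headers: { 'x-user-email': 'spoofed@example.com' } };
```

The `sub` claim is the stable key to use for a DynamoDB mapping table, since usernames and email addresses can change.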
@honeykumarsingh7019 1 year ago
How can I use the access token here instead of the ID token to authenticate our API?
@letsfindsolutions 1 year ago
I have only ever had this work with the ID Token, but I think if you want to use the Access Token, you may have to look into writing your own custom authorizer lambda, and then have it validate the access token.
@AthelstanEngland 1 year ago
I'm a little lost... perhaps I've jumped in too deep before reading up more, but in essence how or what would you give a third party that you wanted to allow to access your API?
@letsfindsolutions 1 year ago
You would create a user for them within Amazon Cognito. They would then use these credentials to call and authenticate against Amazon Cognito (via various methods - AWS SDK, Postman like in the video) to get back the ID_TOKEN. Then they would call the API using the public API Gateway address passing the token which gets validated with the custom authorizer. Maybe start again at the beginning of the video and take it one step at a time....hope that helps :)
@AthelstanEngland 1 year ago
@letsfindsolutions hello thanks for the quick and detailed reply. That makes sense I think. So to confirm though, all I would provide them is the username/password but they could then get the ID_TOKEN in code rather than manually copy and paste as you showed.
@letsfindsolutions 1 year ago
@AthelstanEngland correct...they can call Cognito using the AWS SDK...provide username and password...and it will return the API tokens.
@AthelstanEngland 1 year ago
@letsfindsolutions super, thanks very much for taking the time to reply.
@letsfindsolutions 1 year ago
Glad to help out.
@gunyung0089 4 months ago
7:53 When you change the password the second time, it says 'localhost has refused to connect'. How can I solve this? 8:44 I tried it on Postman, but I couldn't get the token's value and it came out the same way
@letsfindsolutions 4 months ago
Not really sure of the issue...just make sure you are using the id token and not the access token. Postman finally updated the ability to use the id token...so maybe try again.
@anandbabu01 7 months ago
AWS UI changed now. Cognito UI looks entirely new and unable to get published the user login page.😥
@letsfindsolutions 7 months ago
See if you see the option for classic mode...if so you can switch back to that view maybe
@nimishgoray8808 2 months ago
The AWS Cognito interface has changed, the setup is very different from what's shown in this video.
@letsfindsolutions 2 months ago
Agreed, the screens have changed...but the concept is essentially the same. When I have time I will do an updated video.
@Ronaldograxa 2 months ago
Why implicit grant rather than Authorization code grant? AWS doesn't recommend using Implicit Grant
@letsfindsolutions 2 months ago
We are using JWT tokens. I'm not sure on the question.