Skip to content
/ auth0-auth-service Public

Auth Microservice with auth0, JWT, Custom Authorizer Lambda & Serverless Framework

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AndrewCathcart/auth0-auth-service

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
src/handlers
src/handlers
 
 
.gitignore
.gitignore
 
 
.prettierrc
.prettierrc
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
serverless.yml
serverless.yml
 
 

Repository files navigation

auth0-auth-service

Adapted from Serverless example

Protect API endpoints with Auth0, JWT & Custom Authorizer Lambda

Exposes a public and private endpoint for testing.

Usage

1. Prerequisites

  • Node is required. This can be installed via the website or by using nvm (see their documentation).
  • AWS CLI Version 2 (with config setup)
  • Serverless $ npm install -g serverless
  • Create an auth0 account & an application. Make sure to add in allowed callback urls, allowed logout urls and allowed web origins (e.g. http://localhost:3000 for our test front-end).
  • Enable Password Grant Type in the Advanced Settings of your Application.
  • Go to your Auth0 Tenant Settings and make sure API Authorization Settings Default Directory is Username-Password-Authentication.

Then install dependencies

$ npm install

2. Create secret.pem file

This file contains the Auth0 public certificate, used to verify tokens.

  • Create a secret.pem file in the root folder of this project.
  • Paste the public certificate in there.

3. Deploy the stack

Deploy the stack using Serverless in order to consume the private/public testing endpoints.

$ sls deploy -v

4. Final test

To make sure everything works, send a POST request (curl / Postman) to the private endpoint.

  • Obtain a test token from Auth0.
  • Provide your token in the headers like so:
"Authorization": "Bearer YOUR_TOKEN"

Cross-stack authorization

This is very useful in a microservices setup. For example, you have an Auth Service (this service) which owns anything auth/user-related, and a bunch of other services that require user authorization.

Easy to make your authorizer work anywhere else in your AWS account.

When defining Lambdas in other services, simply define the authorizer as well and provide the ARN of your auth function (found in the AWS Console or via sls info).

Example:

functions:
  someFunction:
    handler: src/handlers/someFunction.handler
    events:
      - http:
          method: POST
          path: /something
          authorizer: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:auth0-auth-service-dev-auth

If everything was set up correctly, all incoming requests to your someFunction Lambda will first be authorized. You can find the JWT claims at event.requestContext.authorizer.

About

Auth Microservice with auth0, JWT, Custom Authorizer Lambda & Serverless Framework

Topics

auth0 serverless-framework jwt-authentication lambda-authorizer

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages