Tutorial: How to add security to a REST API using JWT Authorizers and Amazon Cognito | JWT Token

  • Published on 20 Aug 2024
  • A quick tutorial on how to secure your AWS REST APIs using AWS Cognito, JWT tokens, and JWT authorizers. We will have the API Gateway set up with a JWT authorizer that verifies each API request carries a valid JWT token. These tokens are issued by AWS Cognito for an authenticated user.
    Topics covered:
    1) Simple Lambda creation using Node.js
    2) Cognito user pool creation
    3) API Gateway authorizer - JWT authorizer

Comments • 46

  • @saatwikmehta2916
    @saatwikmehta2916 8 months ago +2

    Straightforward and awesome video

    • @letsfindsolutions
      @letsfindsolutions 8 months ago

      I am glad you found it helpful. I do plan on making more, just need to find the time.

  • @kouroshbaghaei382
    @kouroshbaghaei382 5 months ago +1

    Thanks a lot! Very concise and to the point! 👌

  • @jumboliah13
    @jumboliah13 8 months ago +1

    Great video. Great content and well executed and straightforward. Well done.

  • @kirtipahwa
    @kirtipahwa 4 months ago +1

    Keep it up. Informative video👍

  • @PrashantZombade
    @PrashantZombade 1 year ago +3

    Great content, very helpful video. Thanks for your efforts.

    • @letsfindsolutions
      @letsfindsolutions 1 year ago +1

      You're welcome. I am glad you found it helpful.

  • @Not0rious7
    @Not0rious7 8 months ago +1

    You saved the day! I had to use OAuth 2.0 in Postman and not the bearer token dropdown

  • @joshuac9142
    @joshuac9142 7 months ago +1

    Top quality stuff!

  • @TPDene
    @TPDene 2 months ago +1

    Thanks a lot! That's exactly what we need. We want to use Amazon S3 with an existing Keycloak instance and use JWT token authentication

  • @randall.chamberlain
    @randall.chamberlain 7 months ago +1

    Nice and to the point

  • @nareshgujjari
    @nareshgujjari 1 year ago +2

    Very useful. Thank you.

  • @mehtabahmed6092
    @mehtabahmed6092 1 year ago +1

    Thank you so much!!

    • @letsfindsolutions
      @letsfindsolutions 1 year ago +1

      I am glad you found the video helpful...I plan to make more...just haven't had time lately. Hopefully soon.

    • @mehtabahmed6092
      @mehtabahmed6092 1 year ago +1

      I really appreciate it. Yesterday I spent the whole day and the authorization was not working. So after watching your video, I fixed it in 15 minutes!!

  • @ajaygulani3086
    @ajaygulani3086 1 year ago +1

    Great video! So how does it all work on the front end? Using JavaScript, how does one use the hosted UI and retrieve the token and store and use it?

    • @letsfindsolutions
      @letsfindsolutions 1 year ago

      The hosted UI was more for Demo. How I have implemented this in production is to have the server side code of the website call cognito to grab a token and pass this to my front-end UI to use in an AJAX call to the service. Doing this won't expose the username/password. This way the UI has a token ready to call the api as needed. I have used the hosted UI in my projects to offer QA a way to manually grab tokens in case they wanted to test the web service calls directly without any UI.

  • @nimishgoray8808
    @nimishgoray8808 4 months ago

    The AWS Cognito interface has changed, the setup is very different from what's shown in this video.

    • @letsfindsolutions
      @letsfindsolutions 3 months ago +1

      Agreed, the screens have changed...but the concept is essentially the same. When I have time I will do an updated video.

  • @AthelstanEngland
    @AthelstanEngland 1 year ago +1

    I'm a little lost... perhaps I've jumped in too deep before reading up more, but in essence how or what would you give a third party that you wanted to allow to access your API?

    • @letsfindsolutions
      @letsfindsolutions 1 year ago +1

      You would create a user for them within Amazon Cognito. They would then use these credentials to call and authenticate against Amazon Cognito (via various methods - AWS SDK, Postman like in the video) to get back the ID_TOKEN. Then they would call the API using the public API Gateway address passing the token which gets validated with the custom authorizer. Maybe start again at the beginning of the video and take it one step at a time....hope that helps :)

    • @AthelstanEngland
      @AthelstanEngland 1 year ago +1

      @@letsfindsolutions hello thanks for the quick and detailed reply. That makes sense I think. So to confirm though, all I would provide them is the username/password but they could then get the ID_TOKEN in code rather than manually copy and paste as you showed.

    • @letsfindsolutions
      @letsfindsolutions 1 year ago

      @@AthelstanEngland correct...they can call Cognito using the AWS SDK...provide username and password...and it will return the API tokens.

    • @AthelstanEngland
      @AthelstanEngland 1 year ago

      @@letsfindsolutions super, thanks very much for taking the time to reply.

    • @letsfindsolutions
      @letsfindsolutions 1 year ago

      Glad to help out.

  • @Visgapn1
    @Visgapn1 4 months ago

    I have implemented Cognito authentication for my .NET web API / React app. It's in .NET Framework 4.8 and hosted in IIS localhost. Also using IIS URL Rewrite to configure IIS so that React Router handles the app navigation after authentication is completed.
    Issue is when we make the Cognito logout API endpoint GET request, it throws a CORS error stating Allow Content Header Origin is not present.
    I have the proper app domain, client id and redirect URI.
    So what needs to be done in this situation for logout to work?
    Cognito login works perfectly

    • @letsfindsolutions
      @letsfindsolutions 4 months ago

      Did you try enabling CORS on the API Gateway?

  • @Ronaldograxa
    @Ronaldograxa 4 months ago

    Why implicit grant rather than authorization code grant? AWS doesn't recommend using implicit grant

    • @letsfindsolutions
      @letsfindsolutions 4 months ago

      We are using JWT tokens. I'm not sure on the question.

  • @gunyung0089
    @gunyung0089 6 months ago

    7:53 When you change the password the second time, it says 'localhost has refused to connect'.
    How can I solve this?
    8:44 I tried it on Postman, but I couldn't get the token's value and it came out the same way

    • @letsfindsolutions
      @letsfindsolutions 5 months ago

      Not really sure of the issue...just make sure you are using the ID token and not the access token. Postman finally updated the ability to use the ID token...so maybe try again.

  • @ManishJindalmanisism
    @ManishJindalmanisism 4 months ago

    How can I use this token further in AWS Lambda to get the email id or username to do some dynamic processing? Is there any Cognito SDK or library available to scrape that information in AWS Lambda?

    • @letsfindsolutions
      @letsfindsolutions 4 months ago

      I believe you can get the user id or group id of the user from the token. From there you can have a DynamoDB table to do mapping and dynamic logic based on your custom lookup.

    • @joshuaokoro9447
      @joshuaokoro9447 4 months ago

      Seems like you can get it from event.requestContext.authorizer
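A Node.js Lambda handler that reads the verified claims the JWT authorizer hands to the function, as an added example and not code from the video. It assumes an API Gateway HTTP API (payload format 2.0) with a JWT authorizer in front of a Cognito user pool, so the token's signature and expiry were already checked before the handler runs; the sample event is constructed.

```javascript
// Added example (not the video's code). Assumes HTTP API payload format 2.0:
// after the JWT authorizer validates the token, API Gateway copies its claims
// into event.requestContext.authorizer.jwt.claims, so the handler never parses
// the raw Authorization header itself.
function extractIdentity(event) {
  const claims = event?.requestContext?.authorizer?.jwt?.claims;
  if (!claims || typeof claims !== "object") {
    // No verified claims: the route has no authorizer attached or the request
    // bypassed it. Fail closed instead of trusting anything client-supplied.
    return null;
  }
  // Cognito sets token_use to "id" for ID tokens and "access" for access tokens.
  // ID tokens carry profile claims (email, cognito:username); access tokens carry
  // "username" and "client_id" but no email, which is why a handler that needs
  // the email only works when the client sends the ID token.
  if (claims.token_use === "id") {
    return { sub: claims.sub, username: claims["cognito:username"], email: claims.email ?? null, tokenUse: "id" };
  }
  if (claims.token_use === "access") {
    return { sub: claims.sub, username: claims.username, email: null, tokenUse: "access" };
  }
  return null; // unknown token type: reject
}

async function handler(event) {
  const identity = extractIdentity(event);
  if (!identity) {
    return { statusCode: 401, body: JSON.stringify({ message: "Unauthorized" }) };
  }
  // Key any dynamic processing (e.g. a DynamoDB lookup) on the verified sub,
  // never on a user id taken from a request header or body.
  return { statusCode: 200, body: JSON.stringify({ hello: identity.username, sub: identity.sub }) };
}

// Constructed sample event shaped like what API Gateway delivers after the authorizer ran.
const sampleIdTokenEvent = {
  requestContext: {
    authorizer: {
      jwt: {
        claims: {
          sub: "11111111-2222-3333-4444-555555555555", // constructed, not a real user
          "cognito:username": "alice",
          email: "alice@example.com",
          token_use: "id",
          aud: "example-app-client-id", // constructed placeholder app client id
        },
        scopes: null,
      },
    },
  },
};

// Lambda looks up the exported handler; guarded so the file also runs as plain ESM.
if (typeof module !== "undefined") module.exports = { handler, extractIdentity, sampleIdTokenEvent };
```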

  • @anandbabu01
    @anandbabu01 8 months ago

    AWS UI changed now. Cognito UI looks entirely new and I am unable to get the user login page published.😥

    • @letsfindsolutions
      @letsfindsolutions 8 months ago

      See if you see the option for classic mode...if so you can switch back to that view maybe

  • @honeykumarsingh7019
    @honeykumarsingh7019 1 year ago

    How can I use the access token here instead of the ID token to authenticate our API?

    • @letsfindsolutions
      @letsfindsolutions 1 year ago +1

      I have only ever had this work with the ID token, but I think if you want to use the access token, you may have to look into writing your own custom authorizer Lambda, and then have it validate the access token.