Build a Serverless Application Using Token-Based Authentication with AWS API Gateway and Lambda
A serverless application runs custom code as a compute service without the need to maintain an operating environment to host your service. Instead, a service like AWS Lambda or webtask.io executes your code on your behalf.
Amazon API Gateway extends the capabilities of AWS Lambda by adding a service layer in front of your Lambda functions to enforce security, manage input and output message transformations, and provide capabilities like throttling and auditing. A serverless approach simplifies your operational demands, since concerns like scaling out and fault tolerance become the responsibility of the compute service that executes your code.
However, you often want to tie your APIs to your existing users, whether they come from social providers like Twitter and Facebook or from your own organization's Active Directory or customer database. This tutorial demonstrates how to authorize access to your Amazon API Gateway methods for your existing users using Auth0 delegation for AWS and integration with AWS Identity and Access Management (IAM).
The tutorial walks you through setting up Amazon API Gateway with AWS Lambda functions, securing those functions with AWS IAM roles, and then using Auth0 delegation to obtain a token for the AWS IAM role. It then shows you how to assign different permissions to various classes of users, such as internal database users or social users, and how to flow identity to your Lambda functions using a JSON Web Token (JWT).
You will be taken through the following steps:
- Step 1 - Set up the AWS API Gateway
- Step 2 - Secure and Deploy the Amazon API Gateway
- Step 3 - Build the Client Application
- Step 4 - Use Multiple Roles with Amazon API Gateway
- Step 5 - Use Identity Tokens to Flow Identity