khalidx / auth Goto Github PK

View Code? Open in Web Editor NEW

1.0 1.0 1.0 4.65 MB

A collection of authentication and authorization implementations for AWS API Gateway.

License: MIT License

JavaScript 4.59% TypeScript 30.24% HCL 65.17%

authentication authorization aws-api-gateway serverless

auth's Introduction

Hi 👋, I'm Khalid

Let's connect!

Languages and Tools

Status Update

I'm currently working on cloudfs, an easy way to discover and manage your cloud like a local filesystem!

I'm also working on tree, a new language for computing, and the simplest language on the planet! It's in private beta.

Can't figure out how to use ESM + TypeScript + ts-node + Node.JS? Feel like you've been running in circles with tutorials and blogs claiming to have the right config? Look no further. If you want a working config, check out my gist with 490+ stars ⭐️. You'll be up and running in no time!

Repositories

Pinned repositories below are authored by me. Check out my Github Stars for notable projects from around the internet!

auth's People

Contributors

Stargazers

Watchers

Forkers

asmtal

auth's Issues

`identityValidationExpression` is incorrect

The identityValidationExpression: "^x-[a-z]+" in the recommended Swagger configuration is incorrect, and prevents the authorizer from being called (the API Gateway rejects the request).

Solution: remove this field until its usage is needed and better understood.

Include usage plan terraform instructions in README

Although the Terraform module README already includes instructions and screenshots for setting up a usage plan, we should probably also include terraform instructions for setting up a usage plan, which is easier and automated.

The authorizer returns a double-quoted response

The authorizer returns ””Unauthorized””, which should not be double-quoted.

Terraform seems to update `api_key_source`

Terraform seems to automatically update the api_key_source parameter in the Terraform state if it is not explicitly defined in a Terraform aws_api_gateway_rest_api resource, even though it is defined in the Swagger that is provided to the aws_api_gateway_rest_api body parameter.

The solution seems to be manually (explicitly) defining the api_key_source in both Terraform and Swagger :(. This is not an elegant fix since now the configuration exists in both places and can get out of sync.

Research this issue.

The authorizationToken in the event should be used

Currently, we are checking event.headers.Authorization for the basic auth credentials, rather than event.authorizationToken.

event.headers.Authorization is valid when using the REQUEST authorizer type, but since we are using the TOKEN authorizer type (which uses the Authorization header by default), AWS instead provides the value in the event.authorizationToken field.

Solution: replace the authorizer code to check for event.authorizationToken instead.

Terraform won’t automatically update the module

The way the module is being imported and used today (by referencing the master branch in GitHub) doesn’t trigger an update when master changes.

This is because if terraform init has already been run, and the module is already downloaded locally, a refresh won’t occur since the version didn’t change (since it is master and not an explicit version).

Solution: update the docs to recommend pointing to a specific version, and publish those versions as git tags.

Missing provider region configuration

An error is currently displayed when the module is imported into a terraform manifest, during terraform apply, due to the provider resource not having the region configured.

The module includes the AWS provider but does not provide a value for the region for the provider.

Either:

The provider entry must be removed from the module (check practices to see whether modules usually include providers).
The region should be a variable that can be passed to the provider.