Serverless

    AWS | Auth0 Custom Authorizers API

    This is an example of how to protect API endpoints with Auth0, JSON Web Tokens (jwt) and a custom authorizer lambda function.

    user  

    Erez Rokah

    Clone This Example

    Step #1 -
    npm install serverless -g
    Step #2 -
    serverless install -u https://github.com/serverless/examples/tree/master/aws-node-auth0-custom-authorizers-api -n  aws-node-auth0-custom-authorizers-api

    API Gateway Custom Authorizer Function + Auth0

    This is an example of how to protect API endpoints with auth0, JSON Web Tokens (jwt) and a custom authorizer lambda function.

    Custom Authorizers allow you to run an AWS Lambda Function before your targeted AWS Lambda Function. This is useful for Microservice Architectures or when you simply want to do some Authorization before running your business logic.

    View live demo

    Use cases

    • Protect API routes for authorized users
    • Rate limiting APIs

    Setup

    1. npm install json web token dependencies

    2. Setup an auth0 application.

    3. Get your Client ID (under applications->${YOUR_APP_NAME}->settings) and plugin your AUTH0_CLIENT_ID in a new file called secrets.json (based on secrets.example.json).

    4. Get your public key (under applications->${YOUR_APP_NAME}->settings->Show Advanced Settings->Certificates->DOWNLOAD CERTIFICATE). Download it as PEM format and save it as a new file called public_key

    5. Deploy the service with serverless deploy and grab the public and private endpoints.

    6. Plugin your AUTH0_CLIENT_ID, AUTH0_DOMAIN, and the PUBLIC_ENDPOINT + PRIVATE_ENDPOINT from aws in top of the frontend/app.js file.

      /* frontend/app.js */
// replace these values in app.js
const AUTH0_CLIENT_ID = 'your-auth0-client-id-here';
const AUTH0_DOMAIN = 'your-auth0-domain-here.auth0.com';
const PUBLIC_ENDPOINT = 'https://your-aws-endpoint-here.amazonaws.com/dev/api/public';
const PRIVATE_ENDPOINT = 'https://your-aws-endpoint-here.us-east-1.amazonaws.com/dev/api/private';

    7. Deploy Frontend to host of your choosing and make sure to configure the Allowed Callback URL and Allowed Origins in your auth0 client in the auth0 dashboard. We used http://auth0-serverless-protected-routes-demo.surge.sh/ for our demo.

    Custom authorizer functions

    Custom authorizers functions are executed before a Lambda function is executed and return an Error or a Policy document.

    The Custom authorizer function is passed an event object as below:

    {
  "type": "TOKEN",
  "authorizationToken": "<Incoming bearer token>",
  "methodArn": "arn:aws:execute-api:<Region id>:<Account id>:<API id>/<Stage>/<Method>/<Resource path>"
}

    Frontend

    The frontend is a bare bones vanilla javascript implementation.

    You can replace it with whatever frontend framework you like =)

    If you do implement in another framework, please consider adding it our growing list of examples!

    API calls are made with the browser's native fetch api.

    Latest commit b2f54ec on Sep 24, 2017

    New to serverless?

    To get started, pop open your terminal & run:

    npm install serverless -g

    Product

    Open Source

    Pro

    Components

    Plugins

    CI/CD

    Metrics

    Alerts

    Troubleshooting

    Policies

    Dashboard

    Integrations

    Docs

    Services

    Training

    Support

    Pricing

    Learn

    Free Courses

    What?

    Why?

    Use cases

    Examples

    Case studies

    Comparisons

    Community

    Community Courses

    Blog

    GitHub

    Forum

    Slack

    Meetups

    Partners

    Company

    About us

    Join us

    Contact

    Terms of service

    Privacy Policy

    hello@serverless.com - Copyright © 2020 Serverless, Inc. All rights reserved.