A crash course on Serverless Authentication/Authorization
A short and easy boilerplate showcasing JWT auth with Node.js, the Serverless framework, MongoDB and AWS Lambda.
- The `auth` folder has a `VerifyToken.js` file which is the base of the authorizer function.
- The `VerifyToken.auth` method is added to the authorizer field in the `serverless.yml` for API Gateway routes you wish to keep private. See the `me` function.
- `AuthHandler.me` uses `event.requestContext.authorizer.principalId` to access the `userId` of the user accessing the resource if the JWT is valid. Otherwise returns `'Unauthorized'`.
Note: Thinking of the authorizer as middleware makes this easier to understand.
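
The authorizer flow described above, as an added example that is not the repository's code: it verifies an HS256 JWT with Node's built-in `crypto` rather than a JWT library, pins the algorithm, and fails closed with `'Unauthorized'`. The `id` claim, the `JWT_SECRET` variable, the raw (non-`Bearer`) token format and the `makeToken` helper are assumptions for illustration.

```javascript
// Added example, not the repository's code; uses only Node's built-in crypto.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Verify an HS256 JWT; returns the payload or throws.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token must never choose it (rejects "alg: none").
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = sign(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired');
  return payload;
}

// API Gateway TOKEN authorizer: allow with a principalId, or answer 'Unauthorized'.
// JWT_SECRET is an assumed variable name; the `id` claim is an assumed claim name.
function auth(event, context, callback, secret = process.env.JWT_SECRET) {
  try {
    const { id } = verifyToken(event.authorizationToken, secret);
    if (!id) throw new Error('no user id claim');
    callback(null, {
      principalId: String(id),
      policyDocument: {
        Version: '2012-10-17',
        Statement: [{ Action: 'execute-api:Invoke', Effect: 'Allow', Resource: event.methodArn }],
      },
    });
  } catch (err) {
    callback('Unauthorized'); // any failure, including a missing secret, fails closed
  }
}

// Protected handler: reads the identity the authorizer established.
const me = (event) => event.requestContext.authorizer.principalId;

// Hypothetical helper for the sample only: mint a token as a login route would.
const makeToken = (claims, secret, alg = 'HS256') => {
  const hp = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${hp}.${alg === 'none' ? '' : b64url(sign(hp, secret))}`;
};
```

The handler never parses the token itself; it trusts only the `principalId` that API Gateway passes through after the authorizer has returned an `Allow` policy.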