Spring OAuth2 client app behind AWS API Gateway - spring

Hello, I'm trying to expose my app (which has a Spring OAuth2 client for GitHub and Google) via AWS API Gateway.
When I deploy my app without API Gateway everything is OK,
but I'm having many troubles when I want to use it through AWS API Gateway.
I declare all my OAuth2 routes in API Gateway (/oauth2/authorization/github and .../google)
and declare all the callback routes in API Gateway as well (/login/oauth2/code/github and .../google).
Everything is OK until the redirection on success calls the callback; then I get this error:
{"title":"Unauthorized","status":401,"detail":"Full authentication is required to access this resource","path":"/error","message":"error.http.401"}

Related

Only allow access of api through Api gateway and prevent accessing laravel api routes directly

I have a Laravel API app where we can access the API via http://mydomain/api/v1/categories. I have also implemented the Kong API gateway to access those APIs. How do I restrict access through the Laravel API routes and allow it only through the Kong API gateway?
For example, accessing http://mydomain/api/v1/categories, which is a Laravel route, should return 404, but http://kongdomain/service1/v1/categories should return the response.
This will prevent access to API endpoints that I cannot track, and everything passes through the Kong API gateway.
Add a required parameter accessKey=examplekey to your API request, and then you can access your Laravel API with this examplekey.

How should I diagnose an HTTP request 500 that appears to be related to Authorizers in AWS API Gateway?

I am brand new to AWS API Gateway/AWS Lambda/AWS Amplify. I have a React Native application in which I am trying to use AWS Amplify to make an API call and issue a PUT request, which would then cause API Gateway to invoke my AWS Lambda function. When I create the AWS Amplify API endpoint, I don't see a command-line option to define a PUT method. The default is "Any", which works, but I would like to specify a PUT method specifically. When I add a PUT method manually on the API Gateway website and then call it from my React Native front end, I get...
Error: Request failed with status code 500
Looking at the API Gateway responses, this is due to either an "Authorizer Configuration Error" or an "Authorizer Failure", so I am assuming the problem is not with my front-end code but with the configuration of "authorizers" on API Gateway. What are authorizers? How do they relate to making an API call? And what steps can I take to troubleshoot what the problem might be?
You can use a Lambda, a Cognito User Pool or an IAM role as an Authorizer. The short version is that your API endpoints can either be open and public or have an Authorizer; if they have an authorizer then it has to be set up correctly. It is set through the API Gateway config for an endpoint in the Method Request section.
AWS Lambda authorizer info:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
AWS Cognito Info:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
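An added example (not part of the answer above, and not AWS code) of the Lambda authorizer the answer mentions, written in Go with the TOKEN-authorizer event and response structs spelled out by hand so it has no dependencies; a deployed function would use the events package from github.com/aws/aws-lambda-go and lambda.Start. The token table and the suspended-user list are constructed stand-ins for real token validation (signature and expiry checks, or an introspection call). It shows the three outcomes an authorizer can produce: an Allow policy, a Deny policy (API Gateway answers 403) and an error whose message is exactly "Unauthorized" (API Gateway answers 401).

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
)

// tokenAuthorizerEvent mirrors the input API Gateway sends a TOKEN
// Lambda authorizer (hand-written here to avoid a dependency).
type tokenAuthorizerEvent struct {
	Type               string `json:"type"`
	AuthorizationToken string `json:"authorizationToken"`
	MethodArn          string `json:"methodArn"`
}

type statement struct {
	Action   string `json:"Action"`
	Effect   string `json:"Effect"`
	Resource string `json:"Resource"`
}

type policyDocument struct {
	Version   string      `json:"Version"`
	Statement []statement `json:"Statement"`
}

// authorizerResponse is the output API Gateway expects: a principal plus an
// IAM policy that allows or denies execute-api:Invoke on the method ARN.
type authorizerResponse struct {
	PrincipalID    string            `json:"principalId"`
	PolicyDocument policyDocument    `json:"policyDocument"`
	Context        map[string]string `json:"context,omitempty"`
}

// When the handler returns an error whose message is exactly "Unauthorized",
// API Gateway answers 401. A returned Deny policy answers 403.
var errUnauthorized = errors.New("Unauthorized")

// tokens is a constructed lookup standing in for real token validation.
var tokens = map[string]string{
	"tok-alice-0001": "alice",
	"tok-bob-0002":   "bob",
}

// suspended users are known principals that must not invoke the API: they
// get an explicit Deny (403) rather than a 401. Constructed for the example.
var suspended = map[string]bool{"bob": true}

func policy(principal, effect, resource string) authorizerResponse {
	return authorizerResponse{
		PrincipalID: principal,
		PolicyDocument: policyDocument{
			Version: "2012-10-17",
			Statement: []statement{{
				Action:   "execute-api:Invoke",
				Effect:   effect,
				Resource: resource,
			}},
		},
		// Context values are passed to the integration as $context.authorizer.*.
		Context: map[string]string{"user": principal},
	}
}

func handleAuthorizer(ev tokenAuthorizerEvent) (authorizerResponse, error) {
	const scheme = "Bearer "
	if !strings.HasPrefix(ev.AuthorizationToken, scheme) {
		return authorizerResponse{}, errUnauthorized
	}
	user, ok := tokens[strings.TrimPrefix(ev.AuthorizationToken, scheme)]
	if !ok {
		return authorizerResponse{}, errUnauthorized
	}
	if suspended[user] {
		return policy(user, "Deny", ev.MethodArn), nil
	}
	return policy(user, "Allow", ev.MethodArn), nil
}

// main lets the handler be exercised locally: pipe a JSON event on stdin.
func main() {
	var ev tokenAuthorizerEvent
	if err := json.NewDecoder(os.Stdin).Decode(&ev); err != nil {
		fmt.Fprintln(os.Stderr, "bad event:", err)
		os.Exit(1)
	}
	resp, err := handleAuthorizer(ev)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	json.NewEncoder(os.Stdout).Encode(resp)
}
```

If the function returns anything API Gateway cannot use, for example a response without a policyDocument, or if API Gateway lacks permission to invoke the function, the client sees one of the 500 authorizer gateway responses named in the question rather than a 401 or 403, so those are the first things to check. With authorizer caching enabled, the returned policy is reused for every method the same token hits during the cache TTL, so a Resource scoped to a single methodArn produces 403s on other methods; widen it to the API stage when caching.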

How do I implement oauth2 with kong api gateway?

I want to implement an API gateway for a bunch of microservices running on Laravel. In front of the gateway there is an Angular client where the user has to log in with a username and password. The idea is that the user sends the request with the credentials to the gateway, which forwards it to the authentication service. If the data is correct, a token will be issued, which will be included in every further request.
I think I will implement the gateway with Kong and the OAuth2 plugin. I have already looked at their documentation https://docs.konghq.com/hub/kong-inc/oauth2/#resource-owner-password-credentials but I don't really understand the flow.
Does the Angular client have to communicate directly with the authentication service on the first request? And if so, does the authentication service need its own URL? I think it would make more sense if all the requests went through the gateway, wouldn't it?
Thank you!
From what I understand, your Angular app can send username:password to the Kong gateway and that will proxy the request to your authentication service. You can verify whether the user is legitimate in your auth service.
1) If legitimate, then make a request to the /oauth2/token endpoint provided by Kong's oauth2 plugin. Kong will return your auth service an access_token which you can return to the user.
2) If not legitimate, then throw an error.
Does the Angular client have to communicate directly with the authentication service on the first request?
Only if your auth service is a third-party service can you do that.
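The two-step flow the answer describes, as an added example in Go; this is not code from the answer, the asker, or Kong. The Angular client POSTs username and password to the auth service's login route through Kong; the auth service checks them itself and only then asks the oauth2 plugin's token endpoint for a token bound to authenticated_userid, returning Kong's JSON to the client. The form parameter names are the plugin's documented resource-owner-password-grant parameters; the user store, client_id, client_secret, provision_key, scope and token URL are constructed values, and fakeKong is a test double standing in for the real plugin so the block runs offline.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// users is a constructed credential store. A real auth service stores a
// bcrypt or argon2 hash and verifies against that, never a plaintext.
var users = map[string]string{"alice": "correct horse battery staple"}

func checkCredentials(user, pass string) bool {
	want, ok := users[user]
	if !ok {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(pass)) == 1
}

// kongClient holds what the auth service needs to call the oauth2 plugin's
// token endpoint. Every value here is an assumption for this example.
type kongClient struct {
	TokenURL     string // the plugin's /oauth2/token path on the proxied service
	ClientID     string // an OAuth2 application registered with the plugin
	ClientSecret string
	ProvisionKey string // plugin-wide key that lets a backend mint tokens
}

// tokenResponse is the JSON Kong returns from /oauth2/token.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
	ExpiresIn   int    `json:"expires_in"`
}

// issueToken is step 1 of the answer: the auth service, having verified the
// user itself, asks Kong for a token bound to authenticated_userid.
func issueToken(kc kongClient, userID string) (*tokenResponse, error) {
	form := url.Values{
		"grant_type":           {"password"},
		"client_id":            {kc.ClientID},
		"client_secret":        {kc.ClientSecret},
		"provision_key":        {kc.ProvisionKey},
		"authenticated_userid": {userID},
		"scope":                {"products"},
	}
	resp, err := http.PostForm(kc.TokenURL, form)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("kong token endpoint returned %d", resp.StatusCode)
	}
	var tr tokenResponse
	if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil {
		return nil, err
	}
	return &tr, nil
}

// loginHandler is the route the Angular app POSTs username/password to
// (through Kong): the token on success, 401 otherwise (step 2).
func loginHandler(kc kongClient) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !checkCredentials(r.FormValue("username"), r.FormValue("password")) {
			http.Error(w, "invalid credentials", http.StatusUnauthorized)
			return
		}
		tr, err := issueToken(kc, r.FormValue("username"))
		if err != nil {
			http.Error(w, "token issuance failed", http.StatusBadGateway)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(tr)
	}
}

// fakeKong is a test double for the plugin's token endpoint; it only checks
// the password-grant parameters a backend must present.
func fakeKong(provisionKey string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.FormValue("grant_type") != "password" || r.FormValue("provision_key") != provisionKey ||
			r.FormValue("authenticated_userid") == "" {
			http.Error(w, `{"error":"invalid_request"}`, http.StatusBadRequest)
			return
		}
		json.NewEncoder(w).Encode(tokenResponse{AccessToken: "tok-" + r.FormValue("authenticated_userid"), TokenType: "bearer", ExpiresIn: 7200})
	})
}

func main() {
	kong := httptest.NewServer(fakeKong("prov-key-example"))
	defer kong.Close()
	kc := kongClient{TokenURL: kong.URL + "/oauth2/token", ClientID: "angular-app", ClientSecret: "app-secret-example", ProvisionKey: "prov-key-example"}
	panic(http.ListenAndServe(":8081", loginHandler(kc)))
}
```

The provision_key is what lets a backend mint tokens for any authenticated_userid, so it must stay inside the auth service and never reach the Angular app. Because the auth service reaches /oauth2/token on Kong itself, it does not need its own public URL; every request still enters through the gateway.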

Question about Cloudfront access API Gateway

My front-end code is deployed in CloudFront and tries to access Lambda through API Gateway. However, the API Gateway is authenticated with AWS_IAM, which means it seems that the front end cannot access it directly. So I wonder if there are any methods by which I can access API Gateway, for example using Cognito to act as an authorizer or something else?
I have used this AWS blog, which shows how to use API keys between an Amazon CloudFront distribution and API Gateway to secure access to your API in API Gateway, in addition to your preferred authorization (AuthZ) mechanism already set up in API Gateway.
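The check that both the Laravel/Kong answer (the accessKey) and the CloudFront answer (the API key CloudFront sends to API Gateway) rely on, written out as an added example in Go; it is not code from either question or answer. The origin accepts a request only if it carries a secret the gateway injects, and answers 404 otherwise, which is what the Laravel question asks for. The header name, the secret, the route and the port are assumptions. The secret travels in a header rather than a query parameter, so it does not land in access logs, browser history or Referer headers.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"log"
	"net/http"
	"os"
)

// gatewaySecretHeader is the header the gateway adds to every request it
// proxies: a CloudFront origin custom header, or a header set by Kong's
// request-transformer plugin. The name is an assumption for this example.
const gatewaySecretHeader = "X-Gateway-Secret"

// requireGateway wraps the origin's handler. A request without the gateway's
// secret gets a 404, so a direct hit on the origin looks like an unknown
// route rather than a guarded one. The comparison is constant-time so timing
// does not reveal how many leading bytes of a guessed secret were right.
func requireGateway(secret string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := r.Header.Get(gatewaySecretHeader)
		if subtle.ConstantTimeCompare([]byte(got), []byte(secret)) != 1 {
			http.NotFound(w, r)
			return
		}
		// Drop the secret before application code sees the request, so it
		// cannot end up in application logs or be echoed back to a client.
		r.Header.Del(gatewaySecretHeader)
		next.ServeHTTP(w, r)
	})
}

// categoriesHandler stands in for the /api/v1/categories route.
func categoriesHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte(`["books","music"]`))
}

// newOrigin builds the origin's handler. An empty secret is refused: to
// ConstantTimeCompare an empty expected value equals an absent header,
// which would silently open the origin to everyone.
func newOrigin(secret string) (http.Handler, error) {
	if secret == "" {
		return nil, errors.New("GATEWAY_SECRET must be set")
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/categories", categoriesHandler)
	return requireGateway(secret, mux), nil
}

func main() {
	h, err := newOrigin(os.Getenv("GATEWAY_SECRET"))
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe(":8080", h))
}
```

On Kong the header is added with the request-transformer plugin, on CloudFront with an origin custom header; API Gateway's own API keys do the same job through a usage plan. Rotate the secret like any other credential, and keep the origin off the public network where you can, since a leaked secret otherwise undoes the check.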

API Gateway combine results

I have a separate auth service and products service.
I need to have an API gateway in front of the services that does this for protected URLs:
Call the auth service and validate the user token.
If the token is valid, attach the user ID to the request and make the request to the products service.
Is there any API gateway that supports this custom logic to handle requests?
Thanks.
The answer depends on the technology stack you are using. Which language? Which framework? Where is it deployed? Do you use client sessions or JWT? OAuth, SAML or a custom auth service?
If you can give more details we can help better. Here are three random examples:
If you have an AWS-based stack (e.g. serverless) you can use AWS API Gateway with a custom auth handler. See this.
If you develop with a framework that supports middleware you can write a small middleware to handle auth. Example for Golang here. Example for Laravel here.
Hosting your own Zuul gateway, with an OAuth example.
For a lot of technologies you will find standard OAuth or SAML components that you can use as middleware.
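One way to build the gateway the question describes, as an added example in Go (the middleware route the answer mentions); it is not code from the answer's links. The gateway is a reverse proxy that validates the bearer token against the auth service, overwrites X-User-Id with the result and forwards the request to the products service. The /validate endpoint, its JSON response, the token table and the port are assumptions; fakeAuth and fakeProducts are test doubles so the block runs offline.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// validateResponse is the shape this example assumes the auth service
// returns from GET /validate; adapt it to what your auth service returns.
type validateResponse struct {
	Valid  bool   `json:"valid"`
	UserID string `json:"user_id"`
}

var errInvalidToken = errors.New("invalid token")

// validateToken asks the auth service whether the bearer token is good and,
// if so, whose it is (the first step in the question).
func validateToken(authURL, token string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, authURL+"/validate", nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", errInvalidToken
	}
	var vr validateResponse
	if err := json.NewDecoder(resp.Body).Decode(&vr); err != nil || !vr.Valid || vr.UserID == "" {
		return "", errInvalidToken
	}
	return vr.UserID, nil
}

// newGateway returns the gateway handler: validate, attach X-User-Id, proxy
// to the products service (the second step). The header is set, never
// merged, so a client-supplied X-User-Id never survives the gateway.
func newGateway(authURL string, products *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(products)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, "Bearer ") {
			http.Error(w, "missing bearer token", http.StatusUnauthorized)
			return
		}
		userID, err := validateToken(authURL, strings.TrimPrefix(auth, "Bearer "))
		if err != nil {
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		r.Header.Set("X-User-Id", userID)
		proxy.ServeHTTP(w, r)
	})
}

// fakeAuth and fakeProducts are test doubles for the two services. The
// products service trusts X-User-Id only because, in this design, nothing
// but the gateway can reach it.
func fakeAuth() http.Handler {
	valid := map[string]string{"tok-alice-0001": "alice"} // constructed
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		uid, ok := valid[tok]
		json.NewEncoder(w).Encode(validateResponse{Valid: ok, UserID: uid})
	})
}

func fakeProducts() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "products for %s", r.Header.Get("X-User-Id"))
	})
}

func main() {
	auth := httptest.NewServer(fakeAuth())
	defer auth.Close()
	products := httptest.NewServer(fakeProducts())
	defer products.Close()
	target, _ := url.Parse(products.URL)
	log.Fatal(http.ListenAndServe(":8080", newGateway(auth.URL, target)))
}
```

The products service can trust X-User-Id only while it is reachable from the gateway alone; if clients can hit it directly, the header is worthless, which is exactly the concern in the Laravel/Kong question further up. A production gateway would also cache validation results for the token's lifetime rather than call the auth service on every request.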
