Posts

Leveraging the JWT protected AWS Apigateway / Lambda in React

In my last series of posts (one, two, three, and four) I showed how to set up an AWS Lambda and protect access to it with a JWT authorizer using Keycloak. The previous code and posts were aimed at a server-to-server model. They used users defined within the Keycloak server, coupled with an optional client secret. This is a great setup when you can share the credentials and the client secret with a trusted consumer of your services. The caller can use something like AWS Systems Manager Parameter Store or the AWS Key Management Service to store the parameters securely.

Part 4 - the result - API Gateway APIs with Keycloak JWT authentication

In the last article I showed you how to put API Gateway in front of your Lambda. In this article I'll enable JWT authorization in the API Gateway and show you how to configure a Keycloak client to generate a JWT for the service. I'm using my development Keycloak service, but the concepts apply to any Keycloak instance.

Part 3 - Keycloak - API Gateway APIs with Keycloak JWT authentication

In the previous article I showed you how to set up API Gateway in front of your Lambda function. This article will show you how to set up Keycloak for use with API Gateway.

Part 2 - the Gateway - API Gateway APIs with Keycloak JWT authentication

In part 1 of this series I showed you how to set up an AWS Lambda with the AWS console. Now, let's protect that Lambda with API Gateway and a JWT Authorizer, specifically with Keycloak. The JWT Authorizer in API Gateway expects a standard JWT to be passed on every call to the API. This leverages the standard Authorization header to pass the token. A curl call to the API might look like:

curl https://2ozg2rh13f.execute-api.us-west-2.amazonaws.com/default/api-gw-dad-joke -H "Accept: application/json" -H "Authorization: Bearer {token}"

where the token is a JWT that looks something like: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJq ...

In the next article I'll show you where to get this token. But first, let's put an API in front of the Lambda.

Note: once again I am showing you the "ClickOps" method of setting up your environment by doing everything through the AWS console. This is not a best practice by any