AWS Enterprise customers would like to authenticate and authorize their mobile/web applications using a third-party OpenID Connect (OIDC) identity provider. This project provides an approach for end-to-end integration of serverless applications built using AWS Amplify and Amazon Cognito with a third-party OIDC provider. It also describes how to approach authorization using a custom Lambda authorizer that provides quota enforcement per user and role-based access control.
The serverless web application, hosted within the Amplify Framework, uses the Amplify libraries to authenticate and authorize federated users against the configured Cognito user pool and app client. An Amazon API Gateway mock integration is configured as the backend resource. Additionally, a custom AWS Lambda authorizer provides quota enforcement per user and role-based access control at the API Gateway. Once deployed, this solution allows a federated user to log in to the web application and consume the backend resource.
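The decision step of such a Lambda authorizer, as an added sketch that is not this project's own code: it maps roles to allowed routes and returns a per-user `usageIdentifierKey` so API Gateway meters the caller against a usage plan. It assumes the token's claims were already verified (signature, issuer, audience, expiry) and that roles arrive in the `cognito:groups` claim; the role table, user id and key values are constructed for illustration.

```python
import fnmatch

# Hypothetical role -> allowed "VERB/path" patterns (constructed for illustration).
ROLE_PERMISSIONS = {
    "admin": ["*/*"],
    "reader": ["GET/items", "GET/items/*"],
}

# Hypothetical per-user API keys, each attached to a usage plan in API Gateway.
USER_USAGE_KEYS = {"user-123": "constructed-api-key-user-123"}


def parse_method_arn(method_arn):
    """Split arn:aws:execute-api:region:account:apiId/stage/VERB/path."""
    prefix, stage, verb, *path = method_arn.split("/")
    return prefix, stage, verb, "/".join(path)


def is_allowed(groups, verb, path):
    """True if any of the caller's roles permits this verb and path."""
    request = f"{verb}/{path}"
    return any(
        fnmatch.fnmatchcase(request, pattern)
        for group in groups
        for pattern in ROLE_PERMISSIONS.get(group, [])
    )


def build_auth_response(claims, method_arn):
    """Build the authorizer response from already-verified token claims."""
    _, _, verb, path = parse_method_arn(method_arn)
    user = claims["sub"]
    groups = claims.get("cognito:groups", [])
    usage_key = USER_USAGE_KEYS.get(user)
    # Deny by default: no matching role, or no usage-plan key to meter the user.
    allowed = usage_key is not None and is_allowed(groups, verb, path)
    response = {
        "principalId": user,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": "Allow" if allowed else "Deny",
                "Resource": method_arn,
            }],
        },
        "context": {"groups": ",".join(groups)},
    }
    if allowed:
        response["usageIdentifierKey"] = usage_key
    return response
```

API Gateway only honors `usageIdentifierKey` when the API's key source is set to `AUTHORIZER`. If authorizer caching is enabled, a policy scoped to a single method ARN is reused for the same token on other routes, so size the cache TTL and the `Resource` scope together.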
Building an application with AWS Amplify, Amazon Cognito, and an OpenID Connect Identity Provider
For more details, please refer to the README.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.