niiknow / lambda-form

A Serverless service to handle form submissions using AWS Lambda.
https://niiknow.github.io/lambda-form/demo/
MIT License

Use case / spam prevention feature: Describe how to add authentication #2

Open maxsu opened 3 years ago

maxsu commented 3 years ago

I'm going to adapt your form to accept customer design requests consisting of CAD files, images, form text boxes, and form checkboxes. In my use case, customers should authenticate via a login page.

Something like a very simplified developer portal could help for the login and registration, see: https://github.com/awslabs/aws-api-gateway-developer-portal/wiki/Components

Here, we can rip out everything having to do with showing APIs to developers. One or more lambda forms would live after a login and registration component. The only issue is that using developer portal as a springboard feels a bit like overdoing it - that's a lot of functionality to reliably strip out, and the result could be hard to maintain.

Is there a less complex starting point?

maxsu commented 3 years ago

Looks like API portal has a feature called custom authorizers, which Cognito can drive:

https://www.serverless.com/blog/strategies-implementing-user-authentication-serverless-applications
https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

The story could look like:

  1. The user hits the form page, and clicks the registration button.
  2. The user goes through the service's registration story in Cognito, and logs in.
  3. The form page detects the user's Cognito token, and makes the form visible.
  4. Upon form submission, a lambda authorizer validates the Cognito token.
  5. If the authorizer succeeds, process form data with lambda-form.
  6. Celebrate the New Year!
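
Step 4 as an added example (not part of the original comment and not lambda-form's own code): a Node.js API Gateway TOKEN authorizer that checks a Cognito ID token's RS256 signature and claims before returning an Allow or Deny policy. The `keys` map, the `makeAuthorizer` helper and the `issuer`/`clientId` settings are assumptions; in a deployment the keys would be loaded from the user pool's JWKS document.

```javascript
const nodeCrypto = require('crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Verify an RS256 Cognito ID token. `keys` is a Map of JWT "kid" -> public
// KeyObject (assumption: built elsewhere from the user pool's JWKS document).
function verifyCognitoToken(token, keys, { issuer, clientId, now = Date.now() / 1000 }) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = b64urlJson(h);
  // Pin the algorithm; never let the token's "alg" choose the verifier.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const signed = Buffer.from(`${h}.${p}`);
  if (!nodeCrypto.verify('RSA-SHA256', signed, key, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = b64urlJson(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.token_use !== 'id') throw new Error('wrong token_use');
  if (claims.aud !== clientId) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// IAM policy document in the shape API Gateway expects from an authorizer.
function policy(principalId, effect, resource) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
  };
}

// Factory so keys and pool settings are injected (hypothetical helper name).
function makeAuthorizer(keys, opts) {
  return async (event) => {
    const token = String(event.authorizationToken || '').replace(/^Bearer /, '');
    try {
      return policy(verifyCognitoToken(token, keys, opts).sub, 'Allow', event.methodArn);
    } catch (err) {
      return policy('anonymous', 'Deny', event.methodArn); // any failure denies
    }
  };
}
```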