Chapter 5. Authentication and authorization

This chapter covers

  • Authentication and authorization in serverless architecture
  • Auth0 as a central service for authentication
  • JSON Web Tokens and delegation tokens
  • AWS API Gateway and custom authorizers

One of the first questions we’re asked is usually about authentication and authorization in a serverless environment. Without a server, how does one authenticate users and secure access to resources? To help answer these questions, we introduce an AWS service called Cognito and another (non-AWS) service called Auth0. We also introduce the AWS API Gateway and show how to use it to create an API. We show you how to secure this API using custom authorizers and connect it to Lambda functions. Lastly, ...

Get Serverless Architectures on AWS: With examples using AWS Lambda now with O’Reilly online learning.