Task 7. Authorization #35
Comments
|
Good job, mark 6 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
|
Good job, mark 6 |
Task 7 assignment
Note for reviewers
Task 7 Artifacts (Pull Request #34)
Task 7.1
✔️ create a new service called
authorization-service✔️ create a lambda function called
basicAuthorizerin the Authorization Service.✔️ lambda has an environment variable with the following credentials:
USER_GURIA=TEST_PASSWORD✔️
basicAuthorizerlambda takes Basic Authorization token, decodes it and checks that credentials provided by token exist in the lambda environment variable.✔️ lambda returns 403 HTTP status if access is denied for this user (invalid authorization_token) and 401 HTTP status if Authorization header is not provided.
✔️ credentials are not stored under VCS and provided to environment from repository encrypted secrets
Task 7.2
✔️
basicAuthorizerlambda is set to/importpath of the API Gateway as lambda authorizer.Task 7.3
✔️ request from the client application to the
/importpath has Basic Authorization headerAuthorization: Basic {authorization_token}✔️ {authorization_token} is a base64-encoded
GURIA:TEST_PASSWORD✔️ client gets authorization_token value from browser localStorage
Additional tasks:
➕ client application should display alerts for the responses in 401 and 403 HTTP statuses.
Links to deployment
All PRs are merged. So app is deployed from
mainbranch.Web App deployed to Cloudfront and available at following addresses:
Swagger Schema available at:
Swagger UI available at:
The text was updated successfully, but these errors were encountered: