
Securing Amazon API Gateway using Auth0

Pradheepa P
November 06, 2023


Transcript

  1. © Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only.
     Securing Amazon API Gateway using Auth0
  2. Introduction
     Peter Fernandez, Principal Developer Advocate
     Timm Lotter, Senior Solutions Engineer
     Pradheepa Pullanieswaran, Staff Developer Advocate
  3. Terminology (acronym/term: meaning)
     User Authentication: The process of validating user credentials
     User Credentials: The security information associated with a user; typically UserID and Password
     MFA: Multi-Factor Authentication. Security information in addition to user credentials
     CIC: Okta Customer Identity Cloud. Also synonymous with Auth0
     Auth0: The engine that powers Okta CIC
     CIAM: Customer Identity & Access Management
     B2C: Business to Consumer CIAM
     B2B: Business to Business CIAM
     B2B2C: Business to Business to Consumer CIAM
     No-Code: Configuration-only customization
     Low-Code: Minor custom implementation
     Pro-Code: More complex custom implementation
  4. Agenda
     01 What is Auth0?
     02 Securing REST API with Auth0
     03 Demo, It’s showtime
  5. What is Auth0?
     Timm Lotter, Senior Solutions Engineer
  6. • Now, every company is a software company experience
  7. The Auth0 Platform (diagram)
     Applications: Supplier Portal, Dealer Portal, Brand 1 e-commerce, Brand 1 Warranty, Customer Support, SaaS App w/SSO
     Universal Login
     Identity providers: Customer IDP, Supplier IDP, Employee IDP, Dealer IDP
     Connected systems: Customer Data Platform, Log Streaming, Identity Proofing, Application Database
  8. Choosing the right platform is hard enough… (diagram of the Auth0 request/response pipeline)
     Request from Client/Browser over SAML/WS-Fed, OIDC or OAuth2
     Universal Login UX, Anomaly Detection, Risk Management, User Data, User Management API, MFA, User Consent
     Identity sources: Federated Identity Provider, Auth0 DB/Custom DB, Marketplace Integrations
     Extensible triggers (Actions, your code): Pre-Signup Actions, Post-Password Reset Actions, Post-Authentication Actions, Phone Message Actions, Redirect Actions, Prompts (Post-GA), External Pages
     Response: Access & ID Tokens, Modified Access & ID Tokens, delivered to the Resource
     Customizable, Operational, Marketplace Integrations
  9. The Auth0 Ecosystem (auth0.com)
     Actions: complete coverage for all of your identity needs, including your own custom code
       Pre User Signup Actions (run custom code before the sign-up transaction): get email address from Twitter, allow only work emails, block disposable emails, rule templates
       Post Login Actions (run custom code after the authentication transaction): allow access during weekdays for a specific app, IP address whitelist, track logins with Mixpanel, send email with Mandrill, check last password reset, rule templates
       Post User Signup Actions (run custom code after the sign-up transaction): enrich user data with Clearbit, link accounts with same email & merge metadata
       Machine to Machine Actions, Change Password Actions
     Fully integratable: we integrate with any identity service through all standard protocols (SAML, OAuth2, OIDC)
     Social connections: Google, Facebook, Microsoft, LinkedIn, GitHub, Dropbox, PayPal, BitBucket, Amazon, Twitter, Box, Salesforce, BaiDu, Renren, Shopify, Weibo, WordPress, DWOLLA, Instagram, Yandex, Fitbit, Docomo, Slack, Stripe Connect, Twitch, Uber, Vimeo, Digital Ocean, LINE, Apple
     SSO integrations: Active Directory, Box, CloudBees, Concur, Dropbox, Microsoft Dyn., Google, Adobe Echosign, EGNYTE, Sentry, Sharepoint, Slack, SpringCM, ZenDesk, Zoom, New Relic, Office 365, Salesforce
     Marketplace Integrations (Identity Management, Consent Management, Identity Proofing, Security, Developer Tools): MyLife Digital, OneTrust, Eva ID, Dataweb, Infobip, Keyless, SumoLogic, Azure, Esendex, Telesign, Mito Scales Access, Vonage, Amazon SNS, Bitbucket, Heroku, Datadog, Perch Security, Splunk, Terraform, OnFido, Vouched
  10. SaaS Identities with Organizations
  11. It’s more than just the “Login-Box”
      1. It may start being simple: user platform for log in, sign up based on nickname and email, forgot-my-password support, support for users.
      2. But it quickly gets complex as you scale: traction gained, social logins added, added features to consolidate login flow. Problems encountered (fake emails, not real email, slow forgotten emails) solved by a verified email flow, client-side email verification, an integrated email service and an email server; added integrations and expansions for more complex user flow.
      3. Marketing system integration, support system expansion, white-label platform, omnichannel experiences for admins to manage users, support to users, moderation w/ community ranking.
      4. And pretty soon, managing customer identity is a full-time business for you: marketplace for experts, mobile app, expert onboarding support within the app, phone number login, ID verification, interview approval (created for expanding).
  12. Secure API using Auth0
      Pradheepa Pullanieswaran, Staff Developer Advocate
  13. API (Application Programming Interface)
  14. REST API (Application Programming Interface) (diagram: Client sends a Request to the API; the Web Server queries the DB; the Response travels back to the Client)
  15. Base URL: https://gmail.googleapis.com
  16. Amazon API Gateway
  17. Architecture
  18. Amazon API Gateway
  19. What are we building today?
      1. Lambda to integrate with the API Gateway.
      2. REST API supporting both GET/POST requests.
      3. An Auth0 authorizer (Lambda) to secure the API Gateway.
  20. Let’s get into Action!!!!
  21. What we built? (diagram: Client outside AWS; inside AWS the API Gateway, JWT Authorizer and Lambda; the Auth0 Authzn Server; Request/Response arrows)
  22. Client makes a request to the API (diagram: Client → API Gateway, Request)
  23. API GW makes a request to the JWT Authorizer (diagram: API Gateway → JWT Authorizer)
  24. JWT Authorizer fetches the JWKS from the Auth0 Authzn server (diagram: JWT Authorizer → Auth0 Authzn Server)
  25. JWT Authorizer validates the token and passes the result to the API GW (diagram: JWT Authorizer → API Gateway)
  26. API GW triggers the protected resource (Lambda) (diagram: API Gateway → Lambda)
  27. Lambda returns the response to API GW (diagram: Lambda → API Gateway)
  28. API GW returns the response to the client (diagram: API Gateway → Client, Response)
  29. Questions ???
  30. Upcoming Events: https://developer.auth0.com/events
      Join our hands-on lab on Sep 28th to integrate Auth0 with an application, add authentication with an external Identity Provider, enrich tokens & manage SaaS Identities: https://regionalevents.okta.com/emeaawscicimmersionday28septem
  31. Zero Index Newsletter: https://a0.to/nl-signup
  32. Thank You !!!