Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing Amazon HTTP APIs with JWT authorizers

Pradheepa P
November 06, 2023
15

Securing Amazon HTTP APIs with JWT authorizers

Pradheepa P

November 06, 2023
Tweet

Transcript

  1. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hey !!! - Pradheepa Pullanieswaran, @pradheepa - Staff Developer Advocate, Okta - AWS Community Builder - Excited about all things serverless and security - Running Identity and Security Meetup - https://www.linkedin.com/in/pradheepa
  2. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. - API Definition - HTTP API - Supported Authorization Types - Auth0 JWT Authorizer Agenda
  3. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Application Programming Interface (API) Client Request Response API Web Server DB
  4. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Gmail API Base URL : https://gmail.googleapis.com
  5. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon HTTP API Cost Efficiencies by 70% Reduced Latency by 70% Easier and Faster to implement
  6. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. HTTP Vs REST API Authorization
  7. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. What we are building today? AWS Request Response JWT Authorizer Authzn Server Client
  8. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Client makes a request to the API AWS Request JWT Authorizer Authzn Server
  9. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. API GW makes a request to the JWT Authorizer AWS
  10. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. JWT Authorizer sends to JWKS of Authzn server AWS
  11. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. JWT Authorizer validates token, pass to API GW AWS
  12. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. API GW triggers Lambda AWS
  13. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Lambda returns the response to API GW AWS
  14. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. API GW returns the response client AWS Json Response
  15. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Lambda Integration with HTTP API
  16. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Thank you! © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey in the mobile app Pradheepa Pullanieswaran @pradheepa linkedin.com/in/pradheepa