Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing Amazon HTTP APIs with JWT authorizers

Pradheepa P
November 06, 2023
0
14

Securing Amazon HTTP APIs with JWT authorizers

Pradheepa P

November 06, 2023
Tweet

More Decks by Pradheepa P

See All by Pradheepa P
WebAuthn Explained
pradheepa
0
61
Securing Amazon API Gateway using Auth0
pradheepa
0
16
Fostering Inclusivity and Equality
pradheepa
0
27
Take Your Authentication Beyond Passwords
pradheepa
0
59
Building Modern GraphQL APIs
pradheepa
0
22

Featured

See All Featured
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Designing for Performance
lara
604
68k
Optimizing for Happiness
mojombo
376
70k
Facilitating Awesome Meetings
lara
50
6.1k
Designing for humans not robots
tammielis
250
25k
Become a Pro
speakerdeck
PRO
25
5k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
Teambox: Starting and Learning
jrom
133
8.8k
Documentation Writing (for coders)
carmenintech
65
4.4k
A designer walks into a library…
pauljervisheath
203
24k
The Language of Interfaces
destraynor
154
24k

Transcript

  1. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hey !!! - Pradheepa Pullanieswaran, @pradheepa - Staff Developer Advocate, Okta - AWS Community Builder - Excited about all things serverless and security - Running Identity and Security Meetup - https://www.linkedin.com/in/pradheepa

  2. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. - API Definition - HTTP API - Supported Authorization Types - Auth0 JWT Authorizer Agenda

  3. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Application Programming Interface (API) Client Request Response API Web Server DB

  4. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Gmail API Base URL : https://gmail.googleapis.com

  5. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon HTTP API Cost Efficiencies by 70% Reduced Latency by 70% Easier and Faster to implement

  6. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. HTTP Vs REST API Authorization

  7. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. What we are building today? AWS Request Response JWT Authorizer Authzn Server Client

  8. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Client makes a request to the API AWS Request JWT Authorizer Authzn Server

  9. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. API GW makes a request to the JWT Authorizer AWS

  10. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. JWT Authorizer sends to JWKS of Authzn server AWS

  11. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. JWT Authorizer validates token, pass to API GW AWS

  12. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. API GW triggers Lambda AWS

  13. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Lambda returns the response to API GW AWS

  14. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. API GW returns the response client AWS Json Response

  15. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. HTTP API Gateway

  16. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Lambda Integration with HTTP API

  17. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. JWT Authorization

  18. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Demo

  19. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Thank you! © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey in the mobile app Pradheepa Pullanieswaran @pradheepa linkedin.com/in/pradheepa