Article image Authentication and authorization in APIs with API Gateway and Lambda: Using JWT tokens for authentication and authorization
All courses > Information Technology > Programming Languages ( Python, Ruby, Java, C ) ::

27.5. Authentication and authorization in APIs with API Gateway and Lambda: Using JWT tokens for authentication and authorization

Page 134 of 142 | Listen in audio

27.5. Authentication and Authorization in APIs with API Gateway and Lambda: Using JWT Tokens for Authentication and Authorization

Authentication and authorization are fundamental parts of any application. They ensure that the user is who they say they are (authentication) and that they have permission to do what they are trying to do (authorization). In the context of REST APIs, this is especially important as these APIs are often exposed on the internet and are therefore potential targets for abuse.

A common way to implement authentication and authorization in REST APIs is using JWT tokens (JSON Web Tokens). JWT is an open standard that defines a compact, independent way to transmit information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

In a typical scenario, the user authenticates by providing credentials, such as a username and password. If the credentials are correct, the server generates a JWT token and sends it back to the client. The client then includes this token in each subsequent request to the server. The server checks the token and, if it is valid, processes the request. If the token is not valid (for example, it is expired), the server rejects the request.

Authentication and Authorization with API Gateway and Lambda

AWS API Gateway and AWS Lambda are two powerful services that can be used to create and host REST APIs. They also support authentication and authorization using JWT tokens.

API Gateway can be configured to require a JWT token for certain routes. This is done using a feature called 'JWT Token Authorizers'. A JWT Token Authorizer is a Lambda function that receives a JWT token, checks its validity, and returns an access policy that specifies what actions the token holder is authorized to perform.

Here's an example of how this might work:

  1. The client authenticates by providing its credentials.
  2. The server checks the credentials and, if they are correct, generates a JWT token and sends it back to the client.
  3. The client includes the JWT token in each subsequent request to the server.
  4. API Gateway receives the request and extracts the JWT token.
  5. API Gateway calls the JWT Token Authorizer Lambda function, passing the JWT token as an argument.
  6. The Lambda function checks the validity of the JWT token. If the token is valid, the Lambda function returns an access policy that specifies what actions the token holder is authorized to perform.
  7. API Gateway checks the access policy returned by the Lambda function. If the policy allows the requested action, API Gateway processes the request. If the policy does not allow the requested action, API Gateway rejects the request.

This process ensures that only authenticated users with appropriate permissions can access your REST APIs.

Conclusion

Authentication and authorization are fundamental parts of any application and using JWT tokens is an effective way to implement these functionalities in REST APIs. AWS API Gateway and AWS Lambda provide robust support for authentication and authorization using JWT tokens, making them an excellent choice for developing secure REST APIs.

Now answer the exercise about the content:

What is the role of the JWT Token Authorizer in authentication and authorization with API Gateway and Lambda?

You are right! Congratulations, now go to the next page

You missed! Try again.

Article image Authentication and authorization in APIs with API Gateway and Lambda: Configuring security policies in API Gateway

Next page of the Free Ebook:

135Authentication and authorization in APIs with API Gateway and Lambda: Configuring security policies in API Gateway

3 minutes

Obtenez votre certificat pour ce cours gratuitement ! en téléchargeant lapplication Cursa et en lisant lebook qui sy trouve. Disponible sur Google Play ou App Store !

Get it on Google Play Get it on App Store

This article belongs to the Free Ebook:

Free Ebook cover Python course with Lambda and API Gateway for backend development

Python course with Lambda and API Gateway for backend development

5

(1)

142 pages

Free online courses onProgramming Languages ( Python, Ruby, Java, C )

Our programming free online courses offer comprehensive training on all the popular languages like Java, Python, C , and more. Learn how to programming today for free.

Free online courses onInformation Technology

Our IT free online courses offer top-notch training in the latest technologies and tools, including programming languages, web development, cybersecurity, and more.

+ 6.5 million
students

Free and Valid
Certificate with QR Code

48 thousand free
exercises

4.8/5 rating in
app stores

Free courses in
video, audio and text

Information Technology287 courses Web Development, 40 courses | Programming Languages ( Python, Ruby, Java, C ), 32 courses | Office productivity, 29 courses | Cyber Security, 14 courses | App Development, 24 courses | Database, 20 courses | Software testing, 14 courses | Artificial Intelligence, 24 courses | Web Servers and Cloud Computing, 17 courses | Data Science and Business Intelligence, 7 courses | Backend development, 13 courses | Programming logic, 6 courses | IT Tools, 13 courses | Maintenance of computers and notebooks, 3 courses | Operational Systems, 8 courses | Basic informatics, 9 courses | Game development, 14 courses |
Languages175 courses English, 24 courses | French, 21 courses | Spanish, 25 courses | German, 23 courses | Japanese, 18 courses | Italian, 13 courses | Korean, 14 courses | Chinese / Mandarin, 10 courses | Portuguese, 8 courses | Sign language, 9 courses | Russian, 6 courses | Polish, 4 courses |
Business administration139 courses Digital Marketing, 29 courses | Entrepreneurship, 12 courses | Human resources, 8 courses | Investments, 18 courses | Project management, 13 courses | Business Skills, 4 courses | Accounting, 11 courses | Ecommerce and Sales, 13 courses | Corporate Finances, 9 courses | Purchasing management, 5 courses | Political, 11 courses | Management, 6 courses |
Professional courses224 courses Electrician, 21 courses | Customer Service, 14 courses | Culinary, 30 courses | Engineering and Mechanics, 14 courses | Logistics and Supply chain, 8 courses | Construction, 20 courses | Fashion, cutting and sewing, 16 courses | Car and Motorcycle Repairs, 13 courses | Cashier and Bank teller, 5 courses | Mobile phone repairs, 4 courses | Welding, 8 courses | Property and Private Security, 7 courses | Refrigeration and air conditioning, 10 courses | Journalism, 6 courses | Woodworking, 10 courses | Realtor, 10 courses | Farming, 8 courses | Crafts, 8 courses | Other Professions, 11 courses |
Health121 courses First aid, 10 courses | Nutrition and weight loss, 15 courses | Physiotherapy, 16 courses | Nursing, 11 courses | Psychology, 18 courses | Physical Exercises to a Health Life, 9 courses | Anatomy, 16 courses | Pharmacology, 10 courses | Child Care, 2 courses | Physiology, 9 courses | Others in Health and Medicine, 5 courses |
Design and Art101 courses Graphic design, 21 courses | UX - User Experience, 23 courses | Image editing, 12 courses | Drawing and Painting, 17 courses | Architectural design, 11 courses | Video edition, 15 courses | Video animations, 2 courses |
Basic studies107 courses Physics, 9 courses | Algebra, 10 courses | Biology, 8 courses | Logical Reasoning, 5 courses | Statistics, 10 courses | Chemistry, 8 courses | Calculus, 10 courses | Geography, 9 courses | Philosophy, 3 courses | Trigonometry, 7 courses | Literature, 5 courses | Geometry, 9 courses | History, 5 courses | Economics, 6 courses | Sociology, 3 courses |
Instruments and Vocal91 courses Sing, 14 courses | Guitar, 9 courses | Piano, 12 courses | Music production and DJ mixing, 10 courses | Flute, 8 courses | Drums, 7 courses | Violin, 7 courses | Eletric Guitar, 9 courses | Bass, 7 courses | Saxophone and Clarinet, 7 courses | Ukulele, 1 courses |
Esthetics48 courses Makeup, 6 courses | Nails, manicure and pedicure, 8 courses | Skin care, 9 courses | Barbershop, 11 courses | Eyebrow design, 9 courses | Hair care, 6 courses |
Others69 courses Sports, 19 courses | Photography, 10 courses | Massage therapy, 5 courses | Astronomy, 4 courses | Astrology, 4 courses | Youtuber, 3 courses | Magic and Hypnosis, 2 courses | Table and Card games, 5 courses | Robotics, 5 courses | Theology, 3 courses | Theater and Film making, 4 courses | Dance, 5 courses |

This site and the application have been developed with the goal of helping people find free courses more easily, because there are many good and free content on youtube, but many people are not aware of this.
contato@cursa.app

MEDEIROS TECNOLOGIA LTDA - CNPJ 24.471.978/0001-08

Access in other languages:

Spanish French Portuguese Hindi
Get it on Google Play Get it on App Store
DMCA.com Protection Status