Skip to content
This repository was archived by the owner on Apr 17, 2024. It is now read-only.

Add v1 routes with authentication#37

Merged
parberge merged 4 commits intomasterfrom
parberge/issue16
Apr 15, 2021
Merged

Add v1 routes with authentication#37
parberge merged 4 commits intomasterfrom
parberge/issue16

Conversation

@parberge
Copy link
Copy Markdown
Member

@parberge parberge commented Apr 13, 2021
edited
Loading

Adds authentication by requiring a header (Authorization) with an expected value.

Old routes will be removed when all clients have been updated to use v1 routes.

Fixes #16

@parberge parberge changed the title PoC auth WIP: PoC auth Apr 13, 2021
@parberge parberge marked this pull request as draft April 13, 2021 17:12
@parberge
Copy link
Copy Markdown
Member Author

parberge commented Apr 13, 2021

Authenticated request:

https https://ywdi37qne9.execute-api.eu-north-1.amazonaws.com/api/v1/foo 'Authorization: development'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 13
Content-Type: application/json
Date: Tue, 13 Apr 2021 17:10:28 GMT
Via: 1.1 ed87681648230d81cfe4a69364ab730c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: TcevCFvizswEgfhuLckGDCuOm1MoLQwHrSI7H1i_S6pQVAx3bXXzoQ==
X-Amz-Cf-Pop: ARN54-C1
X-Amzn-Trace-Id: Root=1-6075d084-2d94af0e213bb4bd26536fc0;Sampled=0
X-Cache: Miss from cloudfront
x-amz-apigw-id: du2EpFcegi0FshA=
x-amzn-RequestId: 5eca8249-6f54-4096-b996-7fb807904de6

{
    "foo": "bar"
}

Unauthorized request:

https https://ywdi37qne9.execute-api.eu-north-1.amazonaws.com/api/v1/foo 'Authorization: wrong_key'
HTTP/1.1 403 Forbidden
Connection: keep-alive
Content-Length: 60
Content-Type: application/json
Date: Tue, 13 Apr 2021 17:10:42 GMT
Via: 1.1 f6020f10d519a41b0c116dad7dcb2798.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 3RmUPMik5aBeH-lrnXerNKinfPcV4XWBK2iRsp24q57Y29bm3dxNCw==
X-Amz-Cf-Pop: ARN54-C1
X-Cache: Error from cloudfront
x-amz-apigw-id: du2G8FjJgi0F8FQ=
x-amzn-ErrorType: AccessDeniedException
x-amzn-RequestId: 5e9c1403-0550-4ba8-95c0-671de65d5278

{
    "Message": "User is not authorized to access this resource"
}

@parberge parberge changed the title WIP: PoC auth Add v1 routes with authentication Apr 13, 2021
@parberge parberge requested review from kamigerami and tommymalmqvist and removed request for kamigerami April 14, 2021 16:15
@parberge parberge marked this pull request as ready for review April 14, 2021 16:18
kamigerami
kamigerami approved these changes Apr 15, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@kamigerami kamigerami left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks damn good!

@parberge parberge merged commit 22d88f0 into master Apr 15, 2021
@parberge parberge deleted the parberge/issue16 branch April 15, 2021 11:06
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@tommymalmqvist tommymalmqvist Awaiting requested review from tommymalmqvist

1 more reviewer

@kamigerami kamigerami kamigerami approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Limit access to the API

2 participants

@parberge @kamigerami