aws-samples / websocket-api-cognito-auth-sample Goto Github PK

It is a not a good practice to put sensitive data such as passwords and tokens in the url.
Reason: Although, communication is encrypted and both query strings and headers are going through inside a TLS communication, it is a standard procedure to log $url at the backend (logging headers are not so common). This way ID Token can be visible in logs and could be disclosed. This increases attack surface. Current best practice is to retrieve short term ticket and use the ticket during the ws connection init (as a query string).

It has less dependencies and makes code simpler.
https://github.com/awslabs/aws-jwt-verify

I have found this demo you made to be tremendously helpful for my project that combines the AWS backend stack + Phaser front-end. Thank you very much!

I have one suggestion for a small part of your code that might be able to help others in a similar boat as me.

In your vite.config, you defined global: {}.
While this is necessary for AWS Authenticator to work properly and works fine for building this app, I noticed this would cause building my app with Phaser to crash because Phaser.js has, somewhere in its lines, a declaration that involves global.somethingsomething.

I managed to get around this issue by declaring global: 'window' .

It took me a couple of hours of searching the internet to figure this out. I am pretty new to this space, maybe that is why and this is glaringly obvious to the pros out there, but I thought this might save some poor souls who are noobs like me :)

CDK now supports WebSocketAuthorizer in L2 construct.

aws/aws-cdk#16886