aws-samples / websocket-api-cognito-auth-sample
Sample for how to implement WebSocket API authN/Z using Cognito JWT ID token.
License: MIT No Attribution
It is not a good practice to put sensitive data such as passwords and tokens in the URL.
Reason: Although communication is encrypted and both query strings and headers travel inside the TLS communication, it is standard procedure to log $url at the backend (logging headers is not so common). This way the ID token can be visible in logs and could be disclosed. This increases the attack surface. Current best practice is to retrieve a short-term ticket and use the ticket during the ws connection init (as a query string).
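The ticket flow suggested in the issue above, as an added example that is not part of the repository or of the original issue: an HTTPS endpoint that has already verified the ID token issues a random ticket, and the WebSocket connection handler redeems it exactly once. The in-memory `Map`, the 30-second lifetime, the `wss://example.invalid` URL and the function names are assumptions.

```javascript
// Added example: single-use, short-lived WebSocket connection tickets.
const { randomBytes, createHash } = require("node:crypto");

const TICKET_TTL_MS = 30_000; // assumed lifetime; the issue only says "short term"

// Only a hash is stored, so a dump of the store does not yield usable tickets.
const hashTicket = (ticket) => createHash("sha256").update(ticket).digest("hex");

// Called by an HTTPS endpoint AFTER it has verified the Cognito ID token sent
// in a request header. `store` is a Map here (assumption); a deployment would
// use a shared table with expiry.
function issueTicket(store, userId, now = Date.now()) {
  const ticket = randomBytes(32).toString("base64url"); // URL-safe, 256 bits
  store.set(hashTicket(ticket), { userId, expiresAt: now + TICKET_TTL_MS });
  return ticket;
}

// Called at WebSocket connection init with the `ticket` query parameter.
// Returns the userId, or null if the ticket is unknown, expired or already used.
function redeemTicket(store, ticket, now = Date.now()) {
  if (typeof ticket !== "string" || ticket.length === 0) return null;
  const key = hashTicket(ticket);
  const entry = store.get(key);
  if (!entry) return null;
  store.delete(key); // single use: consumed even if it turns out to be expired
  return now < entry.expiresAt ? entry.userId : null;
}

// Constructed walk-through: normal connect, replay of a logged URL, expiry.
function demo() {
  const store = new Map();
  const t0 = 1_700_000_000_000; // constructed timestamp
  const url = `wss://example.invalid/prod?ticket=${issueTicket(store, "user-123", t0)}`;
  const fromUrl = new URL(url).searchParams.get("ticket");
  const first = redeemTicket(store, fromUrl, t0 + 1_000);
  const replay = redeemTicket(store, fromUrl, t0 + 2_000); // same URL taken from a log
  const stale = issueTicket(store, "user-123", t0);
  const expired = redeemTicket(store, stale, t0 + TICKET_TTL_MS + 1);
  return { first, replay, expired };
}

console.log(demo());
```

A ticket that ends up in a URL log is worthless once redeemed or after the lifetime passes, whereas a logged ID token stays valid until it expires.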
It has fewer dependencies and makes the code simpler.
https://github.com/awslabs/aws-jwt-verify
I have found this demo you made to be tremendously helpful for my project that combines the AWS backend stack + Phaser front-end. Thank you very much!
I have one suggestion for a small part of your code that might be able to help others in a similar boat as me.
In your vite.config, you defined global: {}.
While this is necessary for AWS Authenticator to work properly and works fine for building this app, I noticed this would cause building my app with Phaser to crash because Phaser.js has, somewhere in its lines, a declaration that involves global.somethingsomething.
I managed to get around this issue by declaring global: 'window'.
It took me a couple of hours of searching the internet to figure this out. I am pretty new to this space, maybe that is why and this is glaringly obvious to the pros out there, but I thought this might save some poor souls who are noobs like me :)
CDK now supports WebSocketAuthorizer in L2 construct.