
okta-nodejs-aws-lambda-example's Introduction

Example Secure AWS Lambda App

This is an example API that can be run locally or in AWS Lambda. Given longitude and latitude it finds some information about the location. The app is protected behind authentication provided by Okta. For more information on how to set it up with AWS, visit the Okta developer blog.

Prerequisites: Node.js.

Getting Started

To install this example application, run the following commands:

git clone git@github.com:oktadeveloper/okta-nodejs-aws-lambda-example.git
cd okta-nodejs-aws-lambda-example
npm install

This will install a local copy of the project. You will need to set up some environment variables before the app will run properly.

To integrate Okta's Identity Platform for user authentication, you'll first need to create an application in Okta:

  • Log in to your Okta account, then navigate to Applications and click the Add Application button
  • Select Web and click Next
  • Give your application a name (e.g. "Where is it?")
  • If you're using this within AWS Lambda, add a Base URI pointing to your API Gateway (e.g. https://asdf.execute-api.us-west-2.amazonaws.com/) and a Login redirect URI pointing to the callback route, with the API Gateway's stage prefix (e.g. https://asdf.execute-api.us-west-2.amazonaws.com/default/authorization-code/callback), then click Done
  • Save your Client ID and Client Secret for later

Your Okta application should have settings similar to the following:

Okta Application Settings

Now create a file called .env in the project root and add the following variables, replacing the values with your own from the previous steps.

.env

OKTA_ORG_URL=https://{yourOktaOrgUrl}
OKTA_CLIENT_ID={yourClientId}
OKTA_CLIENT_SECRET={yourClientSecret}

You also need an app secret. One way to get a random APP_SECRET is to use the following commands, which will generate a random value and add it to your .env file.

npm install -g uuid-cli
echo "APP_SECRET=`uuid`" >> .env

Now you can run the server with the following command:

node .
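Before starting the server, the .env file built in the steps above can be checked for leftover template values and a missing or weak APP_SECRET. The script below is an added example, not part of the original project; it generates the secret with Node's crypto.randomBytes rather than uuid-cli, and the 32-character minimum, the function names and the sample values are assumptions of this example.

```javascript
const { randomBytes } = require('node:crypto');

const REQUIRED = ['OKTA_ORG_URL', 'OKTA_CLIENT_ID', 'OKTA_CLIENT_SECRET', 'APP_SECRET'];
const MIN_SECRET_CHARS = 32; // assumption of this example, not an Okta requirement
const PLACEHOLDER = /[{}<>]/; // e.g. {yourClientId} left over from the template

// Parse KEY=VALUE lines; comments and blank lines do not match and are skipped.
function parseEnv(text) {
  const vars = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/.exec(line);
    if (m) vars[m[1]] = m[2].replace(/^(['"])(.*)\1$/, '$2');
  }
  return vars;
}

// Return a list of problems; an empty list means the file is usable.
function auditEnv(vars) {
  const problems = [];
  for (const key of REQUIRED) {
    if (!vars[key]) problems.push(`${key} is missing or empty`);
    else if (PLACEHOLDER.test(vars[key])) problems.push(`${key} still holds a template placeholder`);
  }
  const url = vars.OKTA_ORG_URL;
  if (url && !url.startsWith('https://')) problems.push('OKTA_ORG_URL must use https://');
  const secret = vars.APP_SECRET;
  if (secret && secret.length < MIN_SECRET_CHARS) {
    problems.push(`APP_SECRET is shorter than ${MIN_SECRET_CHARS} characters`);
  }
  return problems;
}

// 32 bytes from the OS CSPRNG, hex-encoded (64 characters).
function generateAppSecret() {
  return randomBytes(32).toString('hex');
}

// Constructed sample: template value left in place, APP_SECRET not yet added.
const SAMPLE_ENV = [
  'OKTA_ORG_URL=https://{yourOktaOrgUrl}',
  'OKTA_CLIENT_ID=constructed-client-id',
  'OKTA_CLIENT_SECRET=constructed-client-secret',
].join('\n');

console.log(auditEnv(parseEnv(SAMPLE_ENV)));
```

Keep the resulting .env out of version control, since it holds both the Okta client secret and the session secret.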

Links

This example uses the Okta Node SDK and the Okta JWT Verifier.

IMPORTANT: When deploying the application to AWS Lambda, make sure to upload your NPM dependencies. https://stackoverflow.com/questions/34437900/how-to-load-npm-modules-in-aws-lambda

Help

Please raise an issue if you find a problem with the example application, or visit our Okta Developer Forums. You can also email [email protected] if you would like to create a support ticket.

License

Apache 2.0, see LICENSE.

okta-nodejs-aws-lambda-example's People

Contributors

leebrandt, redbmk


okta-nodejs-aws-lambda-example's Issues

Unclear Requirements: Custom Authorization Servers

It is not clear that an expensive feature (Custom Authorization Servers) is required to make this example work.

We were told it would cost an additional $9,000/year to make this example work in production, after we implemented it and were in the process of deploying to production.

'Unknown authentication strategy "oidc"' under Lambda

First opened as https://github.com/okta/okta-oidc-js/issues/975; see discussion there.

Current behavior

I've deployed the Lambda sample app provided by Okta using Serverless Framework. I'm able to run the app locally, but under Lambda (using AWS API Gateway) I get:

Error: Unknown authentication strategy "oidc"
    at attempt (/var/task/node_modules/passport/lib/middleware/authenticate.js:173:37)
    at authenticate (/var/task/node_modules/passport/lib/middleware/authenticate.js:349:7)
    at /var/task/node_modules/@okta/oidc-middleware/src/connectUtil.js:81:28
    at Layer.handle [as handle_request] (/var/task/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/var/task/node_modules/express/lib/router/index.js:317:13)
    at /var/task/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/var/task/node_modules/express/lib/router/index.js:335:12)
    at next (/var/task/node_modules/express/lib/router/index.js:275:10)
    at urlencodedParser (/var/task/node_modules/body-parser/lib/types/urlencoded.js:91:7)
    at Layer.handle [as handle_request] (/var/task/node_modules/express/lib/router/layer.js:95:5)

Expected behavior

When I access my app, I should be redirected to Okta for authentication

Minimal reproduction of the problem with instructions

Deploy my fork of the example with the following .env (properly redacted):

OKTA_ORG_URL=https://dev-69099605.okta.com
APP_SECRET=<application / session secret>
OKTA_CLIENT_ID=<client ID>
OKTA_CLIENT_SECRET=<client secret>
HOST_URL_LAMBDA=https://<my API ID>.execute-api.us-east-1.amazonaws.com
HOST_URL_LOCAL=http://localhost:8080

Extra information about the use case/user story you are trying to implement

This is similar to okta/okta-oidc-js#68, but the solution suggested there, namely invoking app.listen on the oidc.ready event, doesn't work as written in a Lambda context (the listening is being handled by API gateway, which calls the Lambda function with the contents of the HTTP request). I've tried converting the event to a Promise using promise.toolbox.fromEvent, but that causes my Lambda to throw an error.

Environment

  • Package Version: 2.0.0
  • Browser: Firefox
  • OS: Windows 10
  • Node version (node -v): AWS Lambda NodeJS 12.x runtime
  • Other:
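The issue above turns on a handler being invoked before the authentication middleware has signalled ready. One way to gate a Lambda-style handler on that signal so it fails closed is sketched below, as an added example that is not from the issue or the Okta project; the EventEmitter stands in for the middleware object, and the 'error' event, the timeout, the function names and the response shape are assumptions of this example.

```javascript
const { EventEmitter } = require('node:events');

// Build the gate once per container, at module load. Listeners are attached
// immediately, so a 'ready' emitted before the first request is not missed.
function createReadinessGate(emitter, timeoutMs = 5000) {
  let state = 'pending';
  const settled = new Promise((resolve) => {
    const timer = setTimeout(() => finish('failed'), timeoutMs);
    function finish(next) {
      if (state !== 'pending') return; // first outcome wins
      state = next;
      clearTimeout(timer);
      resolve(state);
    }
    emitter.once('ready', () => finish('ready'));
    emitter.on('error', () => finish('failed'));
  });
  return { state: () => state, settled };
}

// Wrap the real handler: a request is passed through only after the
// middleware reported ready; any other outcome returns 503 (fail closed).
function gatedHandler(gate, inner) {
  return async (event, context) => {
    if ((await gate.settled) !== 'ready') {
      return { statusCode: 503, body: 'authentication not initialised' };
    }
    return inner(event, context);
  };
}

// Constructed demonstration with a stand-in emitter.
function demo() {
  const middleware = new EventEmitter(); // stand-in for the OIDC middleware
  const gate = createReadinessGate(middleware);
  const handler = gatedHandler(gate, async () => ({ statusCode: 200, body: 'ok' }));
  const pending = handler({ path: '/' }, {}); // request arrives before 'ready'
  middleware.emit('ready'); // initialisation completes afterwards
  return pending; // resolves to the inner handler's response
}

demo().then((res) => console.log(res.statusCode));
```

Because the promise is created once and cached, warm invocations pass through without waiting again, and a failed initialisation keeps returning 503 until the container is replaced.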
