SlideShare a Scribd company logo

Serverless OAuth: Authorizing Third-Party Applications to Your Serverless API - SRV425 - re:Invent 2017

Amazon Web Services
Amazon Web Services

This document outlines a presentation on serverless OAuth and authorizing third-party applications to access a serverless API. The presentation discusses OAuth standards and flows, Amazon Cognito user pools for authentication, and Amazon API Gateway usage plans for metering and limiting third-party API usage. It provides an overview of these topics to help build a platform where third-party developers can build applications that integrate with serverless APIs.

1 of 43
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT Serverless OAuth: Authorizing Third - Party Applications to Your Serverless API S t e f a n o B u l i a n i — S p e c i a l i s t S o l u t i o n s A r c h i t e c t , S e r v e r l e s s @ s a p e s s i N o v e m b e r 2 9 , 2 0 1 7
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • Wild Rydes • What is OAuth and why do we use it? • Amazon Cognito user pools • Usage plans
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Wild Rydes
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Help Wild Rydes disrupt transportation!
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Wild Rydes The Wild Rydes Serverless Web Application Workshop introduces the basics of building web applications using serverless infrastructure
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Wild Rydes—becoming a platform We want to enable third-party developers to build new applications on top of the Wild Rydes APIs Web Browser Amazon S3 3rd party app HTML, CSS, JavaScript, etc. Amazon Cognito User Pool Implicit grant OAuth 2.0 flow Amazon API Gateway Dynamic API Calls Over HTTP AWS Lambda Amazon DynamoDB Custom authorizer Usage plans Unicorn resource Server and scope
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Workshop rules • Organize in teams—mix skill levels • Initial instructions are not detailed on purpose • Do not hesitate to call us and ask questions; all teams may learn from the answers
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is OAuth and why do we use it? What is OAuth? Why we use OAuth When not to use OAuth The authentication flows
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is OAuth and why do we use it? • OAuth is not an API or a service: it is an open standard for authorization, and any developer can implement it • OAuth flows provide client applications with “secure delegated access” • OAuth authorizes devices, APIs, servers, and applications with access tokens rather than credentials OAuth is an open standard for authorization, commonly used as a way for internet users to authorize websites or applications to access their information on other websites but without giving them the passwords
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. When not to use OAuth • OAuth is a tradeoff—it’s not particularly secure but it makes it easy to build a platform that third-party developers can interact with • Unless you are building (or plan to build) a platform, there is no need to use OAuth • OAuth increases the attack surface on your APIs • Tokens sent via GET requests
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. OAuth ≠ security—follow best practices The OAuth specifications do not guarantee the security of your system; following best practices is still the most important thing • Do not expose secrets and use HTTPS • Minimum viable permissions for a token • Expire tokens frequently • Sign requests if possible • If you can avoid it, don’t use URLs to pass parameters
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The actors • User—the user interacting with an application • Consumer—the application • Service provider—the login service (or identity) provider
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Typical OAuth flow Joe (user): “Hey, Bitly, I would like you to be able to post links directly to my Twitter stream.” Bitly (consumer): “I have a user that would like me to post to his stream. Can I have a request token?” Twitter (service provider): “Sure. Here’s a token and a secret.” Bitly: “OK, Joe. I’m sending you over to Twitter so you can approve. Take this token with you.” Joe: “Twitter, I’d like to authorize this request token that Bitly gave me.” Twitter: “OK, just to be sure, you want to authorize Bitly to do X, Y, and Z with your Twitter account?” Twitter: “OK, you can go back to Bitly and tell them they have permission to use their request token.”
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Four flows—authorization code grant Used on web servers—only when server-side code is NOT public 1. Your website redirects to IdP login page 2. IdP calls your web server with authorization code 3. Your server uses the authorization code to get an access token from the IdP
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Four flows—implicit grant Used on client-side apps (mobile)—doesn’t require a secret key 1. Your website redirects to IdP login page 2. IdP redirects back with access token
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Four flows—client credentials grant Used from a server—does not grant access to a user identity that didn’t previously agree 1. Your server makes an API call with client ID and secret 2. IdP returns an access token
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Four flows—password credentials grant You are the identity provider—you own both the client and the server 1. User goes to login page on your website 2. Your server verifies the credentials 3. User is redirected to the website with an access token
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Cognito My User Pools Benefits of My User Pools Features of My User Pools OAuth support
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Cognito My User Pools Add user sign-up and sign-in easily to your mobile and web apps without worrying about server infrastructure Serverless authentication and user management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced security features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to hundreds of millions of users Managed user directory 1 2 3
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Hosted UI and common user actions Email or phone number verification Forgot password User sign-up and sign-in Require users to verify their email address or phone number prior to activating their account, with a one-time password challenge Provide users the ability to change their password when they forget it with a one-time password challenge Allow users to sign up and sign in using an email, phone number, or username (and password) for your application User profile data Enable users to view and update their profile data—including custom attributes SMS multi-factor authentication Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow Token-based authentication Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customize flows using AWS Lambda Category Lambda Hook Example Scenarios Custom authentication flow Define Auth Challenge Determines the next challenge in a custom auth flow Create Auth Challenge Creates a challenge in a custom auth flow Verify Auth Challenge Response Determines whether a response is correct in a custom auth flow Authentication events Pre Authentication Custom validation to accept or deny the sign-in request Post Authentication Event logging for custom analytics Sign-up Pre Sign-up Custom validation to accept or deny the sign-up request Post Confirmation Custom welcome messages or event logging for custom analytics Messages Custom Message Advanced customization and localization of messages
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. OAuth 2.0 in Amazon Cognito My User Pools• OAuth 2.0 flows: • Authorization code grant • Implicit flow • Client credentials • Custom scopes defined for resource servers
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Resource servers and custom scopes App B • Custom scopes can define allowable operations on resources—for example, the ability to read a user’s photos • Developers define resource servers within a user pool • Scopes are defined under a resource server • Developers can choose which app clients can request for each scope App A Amazon Cognito User Pool Resource Server Resource Server Resource Server Scope Scope Scope Scope Scope Scope Scope Scope Scope
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway usage plans What are usage plans? Features introduction
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Enforce throttle, quotas, and meter Quota Throttling Metering Internet Mobile apps Websites Partner Services AWS Lambda functions API Gateway response cache Endpoints on Amazon EC2 Any publicly accessible endpoint Amazon CloudWatch Amazon CloudFront API Gateway
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Meter and limit usage by third-party developers Monitor and limit third-party developers: • Define groups of consumers (partners, apps) • Set throttles and quotas for each group • Track each group’s usage Helps you: • Manage and monetize your APIs • Apply business policies across your consumers
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Sample plans Basic plan • 10 RPS • Max. 1,000 requests/day Professional plan • 100 RPS • Max. 1,000,000 requests/day
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bill third-party developers Internet Mobile apps Partner Services Websites API Gateway Third-party developers register for an API key Usage for each API key is metered CloudWatch event triggers monthly bill generation Lambda function extracts utilization data and generates bills Bills are emailed to third-party developers
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT Serverless OAuth S t e f a n o B u l i a n i – S p e c i a l i s t S o l u t i o n s A r c h i t e c t , S e r v e r l e s s @ s a p e s s i
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DECK GUIDELINES Sizes, colors and layouts are all pre-built into this template. Color palette Please do not use gradients, shadows or outlines on shape elements. Limit color use for chart graphics to grayscale plus one accent color.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. COPY & PASTE CODE When pasting content Code into a Code template please use the “Keep Text Only Function” for Windows and “Destination Theme” for Macs. If any additional coloring needs to be done to your code type please do it after pasting it into your slide. Windows Mac
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ASSETS USAGE Multiple assets can be combined to create one graphic Deck_Box- Files.png Deck_Arrows1. png Deck_Buildings- MediumBusiness. png Deck_Buildin gs- Enterprise.pn g Deck_Buildings- SmallBusiness.p ng Deck_Laptop- Dark-Code.png Deck_Certificati on-Badge.png Deck_App2.p ng Deck_Lock.p ng
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RESIZING ASSETS Always hold down shift key and drag from corners when scaling assets with Shift without Shift
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. TITLE ONLY
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. TITLE & CONTENT
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CODE SNIPPET
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SECTION TITLE CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT C L I C K T O A D D T E X T
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. TWO CONTENT
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLICK TO ADD TEXT CLICK TO ADD TEXT COMPARISON
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. THREE CONTENT
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT FOUR CONTENT - GRAPHICS
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT SIX CONTENT - GRAPHICS
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!

Recommended

Network Performance: Making Every Packet Count - NET401 - re:Invent 2017
Network Performance: Making Every Packet Count - NET401 - re:Invent 2017Network Performance: Making Every Packet Count - NET401 - re:Invent 2017
Network Performance: Making Every Packet Count - NET401 - re:Invent 2017Amazon Web Services
 
How Netflix Tunes Amazon EC2 Instances for Performance - CMP325 - re:Invent 2017
How Netflix Tunes Amazon EC2 Instances for Performance - CMP325 - re:Invent 2017How Netflix Tunes Amazon EC2 Instances for Performance - CMP325 - re:Invent 2017
How Netflix Tunes Amazon EC2 Instances for Performance - CMP325 - re:Invent 2017Amazon Web Services
 
DEV322_Continuous Integration Best Practices for Software Development Teams
DEV322_Continuous Integration Best Practices for Software Development TeamsDEV322_Continuous Integration Best Practices for Software Development Teams
DEV322_Continuous Integration Best Practices for Software Development TeamsAmazon Web Services
 
DEV204_Debugging Modern Applications Introduction to AWS X-Ray
DEV204_Debugging Modern Applications Introduction to AWS X-RayDEV204_Debugging Modern Applications Introduction to AWS X-Ray
DEV204_Debugging Modern Applications Introduction to AWS X-RayAmazon Web Services
 
Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017Amazon Web Services
 
Launch Applications the Amazon Way - AWS Online Tech Talks
Launch Applications the Amazon Way - AWS Online Tech TalksLaunch Applications the Amazon Way - AWS Online Tech Talks
Launch Applications the Amazon Way - AWS Online Tech TalksAmazon Web Services
 
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017Amazon Web Services
 
CMP315_Optimizing Network Performance for Amazon EC2 Instances
CMP315_Optimizing Network Performance for Amazon EC2 InstancesCMP315_Optimizing Network Performance for Amazon EC2 Instances
CMP315_Optimizing Network Performance for Amazon EC2 InstancesAmazon Web Services
 

Recommended

Network Performance: Making Every Packet Count - NET401 - re:Invent 2017
Network Performance: Making Every Packet Count - NET401 - re:Invent 2017Network Performance: Making Every Packet Count - NET401 - re:Invent 2017
Network Performance: Making Every Packet Count - NET401 - re:Invent 2017Amazon Web Services
 
How Netflix Tunes Amazon EC2 Instances for Performance - CMP325 - re:Invent 2017
How Netflix Tunes Amazon EC2 Instances for Performance - CMP325 - re:Invent 2017How Netflix Tunes Amazon EC2 Instances for Performance - CMP325 - re:Invent 2017
How Netflix Tunes Amazon EC2 Instances for Performance - CMP325 - re:Invent 2017Amazon Web Services
 
DEV322_Continuous Integration Best Practices for Software Development Teams
DEV322_Continuous Integration Best Practices for Software Development TeamsDEV322_Continuous Integration Best Practices for Software Development Teams
DEV322_Continuous Integration Best Practices for Software Development TeamsAmazon Web Services
 
DEV204_Debugging Modern Applications Introduction to AWS X-Ray
DEV204_Debugging Modern Applications Introduction to AWS X-RayDEV204_Debugging Modern Applications Introduction to AWS X-Ray
DEV204_Debugging Modern Applications Introduction to AWS X-RayAmazon Web Services
 
Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017Storage State of the Union - STG201 - re:Invent 2017
Storage State of the Union - STG201 - re:Invent 2017Amazon Web Services
 
Launch Applications the Amazon Way - AWS Online Tech Talks
Launch Applications the Amazon Way - AWS Online Tech TalksLaunch Applications the Amazon Way - AWS Online Tech Talks
Launch Applications the Amazon Way - AWS Online Tech TalksAmazon Web Services
 
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017Amazon Web Services
 
CMP315_Optimizing Network Performance for Amazon EC2 Instances
CMP315_Optimizing Network Performance for Amazon EC2 InstancesCMP315_Optimizing Network Performance for Amazon EC2 Instances
CMP315_Optimizing Network Performance for Amazon EC2 InstancesAmazon Web Services
 
MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...
MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...
MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...Amazon Web Services
 
What's New in Serverless - SRV305 - re:Invent 2017
What's New in Serverless - SRV305 - re:Invent 2017What's New in Serverless - SRV305 - re:Invent 2017
What's New in Serverless - SRV305 - re:Invent 2017Amazon Web Services
 
Containers on AWS - State of the Union - CON201 - re:Invent 2017
Containers on AWS - State of the Union - CON201 - re:Invent 2017Containers on AWS - State of the Union - CON201 - re:Invent 2017
Containers on AWS - State of the Union - CON201 - re:Invent 2017Amazon Web Services
 
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017Amazon Web Services
 
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...Amazon Web Services
 
Networking State of the Union - NET205 - re:Invent 2017
Networking State of the Union - NET205 - re:Invent 2017Networking State of the Union - NET205 - re:Invent 2017
Networking State of the Union - NET205 - re:Invent 2017Amazon Web Services
 
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017Amazon Web Services
 
NET302_Global Traffic Management with Amazon Route 53
NET302_Global Traffic Management with Amazon Route 53NET302_Global Traffic Management with Amazon Route 53
NET302_Global Traffic Management with Amazon Route 53Amazon Web Services
 
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...Extending Data Centers to the Cloud: Connectivity Options and Considerations ...
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...Amazon Web Services
 
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017Amazon Web Services
 
Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...Amazon Web Services
 
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017Amazon Web Services
 
Podcasting on AWS – A Discussion on Everything from Production to Distributio...
Podcasting on AWS – A Discussion on Everything from Production to Distributio...Podcasting on AWS – A Discussion on Everything from Production to Distributio...
Podcasting on AWS – A Discussion on Everything from Production to Distributio...Amazon Web Services
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsAmazon Web Services
 
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Amazon Web Services
 
CTD302_How Hulu reinvented Television using the AWS Cloud
CTD302_How Hulu reinvented Television using the AWS CloudCTD302_How Hulu reinvented Television using the AWS Cloud
CTD302_How Hulu reinvented Television using the AWS CloudAmazon Web Services
 
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017Amazon Web Services
 
GPSTEC314-GPS From Monolithic to Serverless - Why and How to Move
GPSTEC314-GPS From Monolithic to Serverless - Why and How to MoveGPSTEC314-GPS From Monolithic to Serverless - Why and How to Move
GPSTEC314-GPS From Monolithic to Serverless - Why and How to MoveAmazon Web Services
 
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...Amazon Web Services
 
SRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeSRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeAmazon Web Services
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 

More Related Content

What's hot

MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...
MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...
MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...Amazon Web Services
 
What's New in Serverless - SRV305 - re:Invent 2017
What's New in Serverless - SRV305 - re:Invent 2017What's New in Serverless - SRV305 - re:Invent 2017
What's New in Serverless - SRV305 - re:Invent 2017Amazon Web Services
 
Containers on AWS - State of the Union - CON201 - re:Invent 2017
Containers on AWS - State of the Union - CON201 - re:Invent 2017Containers on AWS - State of the Union - CON201 - re:Invent 2017
Containers on AWS - State of the Union - CON201 - re:Invent 2017Amazon Web Services
 
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017Amazon Web Services
 
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...Amazon Web Services
 
Networking State of the Union - NET205 - re:Invent 2017
Networking State of the Union - NET205 - re:Invent 2017Networking State of the Union - NET205 - re:Invent 2017
Networking State of the Union - NET205 - re:Invent 2017Amazon Web Services
 
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017Amazon Web Services
 
NET302_Global Traffic Management with Amazon Route 53
NET302_Global Traffic Management with Amazon Route 53NET302_Global Traffic Management with Amazon Route 53
NET302_Global Traffic Management with Amazon Route 53Amazon Web Services
 
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...Extending Data Centers to the Cloud: Connectivity Options and Considerations ...
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...Amazon Web Services
 
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017Amazon Web Services
 
Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...Amazon Web Services
 
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017Amazon Web Services
 
Podcasting on AWS – A Discussion on Everything from Production to Distributio...
Podcasting on AWS – A Discussion on Everything from Production to Distributio...Podcasting on AWS – A Discussion on Everything from Production to Distributio...
Podcasting on AWS – A Discussion on Everything from Production to Distributio...Amazon Web Services
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsAmazon Web Services
 
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Amazon Web Services
 
CTD302_How Hulu reinvented Television using the AWS Cloud
CTD302_How Hulu reinvented Television using the AWS CloudCTD302_How Hulu reinvented Television using the AWS Cloud
CTD302_How Hulu reinvented Television using the AWS CloudAmazon Web Services
 
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017Amazon Web Services
 
GPSTEC314-GPS From Monolithic to Serverless - Why and How to Move
GPSTEC314-GPS From Monolithic to Serverless - Why and How to MoveGPSTEC314-GPS From Monolithic to Serverless - Why and How to Move
GPSTEC314-GPS From Monolithic to Serverless - Why and How to MoveAmazon Web Services
 
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...Amazon Web Services
 
SRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeSRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeAmazon Web Services
 

What's hot (20)

MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...
MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...
MBL204_Architecting Cost-Effective Mobile Backends for Scale, Security, and P...
 
What's New in Serverless - SRV305 - re:Invent 2017
What's New in Serverless - SRV305 - re:Invent 2017What's New in Serverless - SRV305 - re:Invent 2017
What's New in Serverless - SRV305 - re:Invent 2017
 
Containers on AWS - State of the Union - CON201 - re:Invent 2017
Containers on AWS - State of the Union - CON201 - re:Invent 2017Containers on AWS - State of the Union - CON201 - re:Invent 2017
Containers on AWS - State of the Union - CON201 - re:Invent 2017
 
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017
How Do I Build a Global Transit Network on AWS? - MSC302 - re:Invent 2017
 
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...
A Day in the Life of a Cloud Network Engineer at Netflix - NET303 - re:Invent...
 
Networking State of the Union - NET205 - re:Invent 2017
Networking State of the Union - NET205 - re:Invent 2017Networking State of the Union - NET205 - re:Invent 2017
Networking State of the Union - NET205 - re:Invent 2017
 
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017
Best Practices for Orchestrating AWS Lambda Workloads - SRV335 - re:Invent 2017
 
NET302_Global Traffic Management with Amazon Route 53
NET302_Global Traffic Management with Amazon Route 53NET302_Global Traffic Management with Amazon Route 53
NET302_Global Traffic Management with Amazon Route 53
 
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...Extending Data Centers to the Cloud: Connectivity Options and Considerations ...
Extending Data Centers to the Cloud: Connectivity Options and Considerations ...
 
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017
Taking DevOps Closer to the AWS Edge - CTD401 - re:Invent 2017
 
Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...Improving Microservice and Serverless Observability with Monitoring Data - SR...
Improving Microservice and Serverless Observability with Monitoring Data - SR...
 
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017
NEW LAUNCH! Deep dive on Amazon Neptune - DAT318 - re:Invent 2017
 
Podcasting on AWS – A Discussion on Everything from Production to Distributio...
Podcasting on AWS – A Discussion on Everything from Production to Distributio...Podcasting on AWS – A Discussion on Everything from Production to Distributio...
Podcasting on AWS – A Discussion on Everything from Production to Distributio...
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
 
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
Deep Dive: AWS Direct Connect and VPNs - NET403 - re:Invent 2017
 
CTD302_How Hulu reinvented Television using the AWS Cloud
CTD302_How Hulu reinvented Television using the AWS CloudCTD302_How Hulu reinvented Television using the AWS Cloud
CTD302_How Hulu reinvented Television using the AWS Cloud
 
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017
 
GPSTEC314-GPS From Monolithic to Serverless - Why and How to Move
GPSTEC314-GPS From Monolithic to Serverless - Why and How to MoveGPSTEC314-GPS From Monolithic to Serverless - Why and How to Move
GPSTEC314-GPS From Monolithic to Serverless - Why and How to Move
 
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...
Massively Parallel Data Processing with PyWren and AWS Lambda - SRV424 - re:I...
 
SRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the EdgeSRV312_Taking Serverless to the Edge
SRV312_Taking Serverless to the Edge
 

Similar to Serverless OAuth: Authorizing Third-Party Applications to Your Serverless API - SRV425 - re:Invent 2017

Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...Amazon Web Services
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...Amazon Web Services
 
AWS X-Ray: Debugging Applications at Scale - AWS Online Tech Talks
AWS X-Ray: Debugging Applications at Scale - AWS Online Tech TalksAWS X-Ray: Debugging Applications at Scale - AWS Online Tech Talks
AWS X-Ray: Debugging Applications at Scale - AWS Online Tech TalksAmazon Web Services
 
Building API Driven Microservices
Building API Driven MicroservicesBuilding API Driven Microservices
Building API Driven MicroservicesChris Munns
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Amazon Web Services
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Amazon Web Services
 
User Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon CognitoUser Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon CognitoAmazon Web Services
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAmazon Web Services
 
Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...Amazon Web Services
 
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017Amazon Web Services
 
User Identity and Authentication
User Identity and AuthenticationUser Identity and Authentication
User Identity and AuthenticationAmazon Web Services
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemAmazon Web Services
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemAmazon Web Services
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsAmazon Web Services
 

Similar to Serverless OAuth: Authorizing Third-Party Applications to Your Serverless API - SRV425 - re:Invent 2017 (20)

Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
 
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio...
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
 
How to: Avoid Mistakes at Scale
How to: Avoid Mistakes at ScaleHow to: Avoid Mistakes at Scale
How to: Avoid Mistakes at Scale
 
AWS X-Ray: Debugging Applications at Scale - AWS Online Tech Talks
AWS X-Ray: Debugging Applications at Scale - AWS Online Tech TalksAWS X-Ray: Debugging Applications at Scale - AWS Online Tech Talks
AWS X-Ray: Debugging Applications at Scale - AWS Online Tech Talks
 
Building API Driven Microservices
Building API Driven MicroservicesBuilding API Driven Microservices
Building API Driven Microservices
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
 
User Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon CognitoUser Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon Cognito
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon Cognito
 
Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...Advanced Techniques for Federation of the AWS Management Console and Command ...
Advanced Techniques for Federation of the AWS Management Console and Command ...
 
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017
 
User Identity and Authentication
User Identity and AuthenticationUser Identity and Authentication
User Identity and Authentication
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition System
 
Use Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition SystemUse Amazon Rekognition to Build a Facial Recognition System
Use Amazon Rekognition to Build a Facial Recognition System
 
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security AnalyticsNET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
NET203_Using Amazon VPC Flow Logs to Do Predictive Security Analytics
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Serverless OAuth: Authorizing Third-Party Applications to Your Serverless API - SRV425 - re:Invent 2017

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT Serverless OAuth: Authorizing Third - Party Applications to Your Serverless API S t e f a n o B u l i a n i — S p e c i a l i s t S o l u t i o n s A r c h i t e c t , S e r v e r l e s s @ s a p e s s i N o v e m b e r 2 9 , 2 0 1 7
  • 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • Wild Rydes • What is OAuth and why do we use it? • Amazon Cognito user pools • Usage plans
  • 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Wild Rydes
  • 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Help Wild Rydes disrupt transportation!
  • 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Wild Rydes The Wild Rydes Serverless Web Application Workshop introduces the basics of building web applications using serverless infrastructure
  • 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Wild Rydes—becoming a platform We want to enable third-party developers to build new applications on top of the Wild Rydes APIs Web Browser Amazon S3 3rd party app HTML, CSS, JavaScript, etc. Amazon Cognito User Pool Implicit grant OAuth 2.0 flow Amazon API Gateway Dynamic API Calls Over HTTP AWS Lambda Amazon DynamoDB Custom authorizer Usage plans Unicorn resource Server and scope
  • 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Workshop rules • Organize in teams—mix skill levels • Initial instructions are not detailed on purpose • Do not hesitate to call us and ask questions; all teams may learn from the answers
  • 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is OAuth and why do we use it? What is OAuth? Why we use OAuth When not to use OAuth The authentication flows
  • 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is OAuth and why do we use it? • OAuth is not an API or a service: it is an open standard for authorization, and any developer can implement it • OAuth flows provide client applications with “secure delegated access” • OAuth authorizes devices, APIs, servers, and applications with access tokens rather than credentials OAuth is an open standard for authorization, commonly used as a way for internet users to authorize websites or applications to access their information on other websites but without giving them the passwords
  • 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. When not to use OAuth • OAuth is a tradeoff—it’s not particularly secure but it makes it easy to build a platform that third-party developers can interact with • Unless you are building (or plan to build) a platform, there is no need to use OAuth • OAuth increases the attack surface on your APIs • Tokens sent via GET requests
  • 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. OAuth ≠ security—follow best practices The OAuth specifications do not guarantee the security of your system; following best practices is still the most important thing • Do not expose secrets and use HTTPS • Minimum viable permissions for a token • Expire tokens frequently • Sign requests if possible • If you can avoid it, don’t use URLs to pass parameters
  • 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The actors • User—the user interacting with an application • Consumer—the application • Service provider—the login service (or identity) provider
  • 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Typical OAuth flow Joe (user): “Hey, Bitly, I would like you to be able to post links directly to my Twitter stream.” Bitly (consumer): “I have a user that would like me to post to his stream. Can I have a request token?” Twitter (service provider): “Sure. Here’s a token and a secret.” Bitly: “OK, Joe. I’m sending you over to Twitter so you can approve. Take this token with you.” Joe: “Twitter, I’d like to authorize this request token that Bitly gave me.” Twitter: “OK, just to be sure, you want to authorize Bitly to do X, Y, and Z with your Twitter account?” Twitter: “OK, you can go back to Bitly and tell them they have permission to use their request token.”
  • 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Four flows—authorization code grant Used on web servers—only when server-side code is NOT public 1. Your website redirects to IdP login page 2. IdP calls your web server with authorization code 3. Your server uses the authorization code to get an access token from the IdP
  • 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Four flows—implicit grant Used on client-side apps (mobile)—doesn’t require a secret key 1. Your website redirects to IdP login page 2. IdP redirects back with access token
  • 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Four flows—client credentials grant Used from a server—does not grant access to a user identity that didn’t previously agree 1. Your server makes an API call with client ID and secret 2. IdP returns an access token
  • 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Four flows—password credentials grant You are the identity provider—you own both the client and the server 1. User goes to login page on your website 2. Your server verifies the credentials 3. User is redirected to the website with an access token
  • 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Cognito My User Pools Benefits of My User Pools Features of My User Pools OAuth support
  • 19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Cognito My User Pools Add user sign-up and sign-in easily to your mobile and web apps without worrying about server infrastructure Serverless authentication and user management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced security features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to hundreds of millions of users Managed user directory 1 2 3
  • 20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Hosted UI and common user actions Email or phone number verification Forgot password User sign-up and sign-in Require users to verify their email address or phone number prior to activating their account, with a one-time password challenge Provide users the ability to change their password when they forget it with a one-time password challenge Allow users to sign up and sign in using an email, phone number, or username (and password) for your application User profile data Enable users to view and update their profile data—including custom attributes SMS multi-factor authentication Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow Token-based authentication Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
  • 21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customize flows using AWS Lambda Category Lambda Hook Example Scenarios Custom authentication flow Define Auth Challenge Determines the next challenge in a custom auth flow Create Auth Challenge Creates a challenge in a custom auth flow Verify Auth Challenge Response Determines whether a response is correct in a custom auth flow Authentication events Pre Authentication Custom validation to accept or deny the sign-in request Post Authentication Event logging for custom analytics Sign-up Pre Sign-up Custom validation to accept or deny the sign-up request Post Confirmation Custom welcome messages or event logging for custom analytics Messages Custom Message Advanced customization and localization of messages
  • 22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. OAuth 2.0 in Amazon Cognito My User Pools• OAuth 2.0 flows: • Authorization code grant • Implicit flow • Client credentials • Custom scopes defined for resource servers
  • 23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Resource servers and custom scopes App B • Custom scopes can define allowable operations on resources—for example, the ability to read a user’s photos • Developers define resource servers within a user pool • Scopes are defined under a resource server • Developers can choose which app clients can request for each scope App A Amazon Cognito User Pool Resource Server Resource Server Resource Server Scope Scope Scope Scope Scope Scope Scope Scope Scope
  • 24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway usage plans What are usage plans? Features introduction
  • 25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Enforce throttle, quotas, and meter Quota Throttling Metering Internet Mobile apps Websites Partner Services AWS Lambda functions API Gateway response cache Endpoints on Amazon EC2 Any publicly accessible endpoint Amazon CloudWatch Amazon CloudFront API Gateway
  • 26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Meter and limit usage by third-party developers Monitor and limit third-party developers: • Define groups of consumers (partners, apps) • Set throttles and quotas for each group • Track each group’s usage Helps you: • Manage and monetize your APIs • Apply business policies across your consumers
  • 27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Sample plans Basic plan • 10 RPS • Max. 1,000 requests/day Professional plan • 100 RPS • Max. 1,000,000 requests/day
  • 28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bill third-party developers Internet Mobile apps Partner Services Websites API Gateway Third-party developers register for an API key Usage for each API key is metered CloudWatch event triggers monthly bill generation Lambda function extracts utilization data and generates bills Bills are emailed to third-party developers
  • 29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT Serverless OAuth S t e f a n o B u l i a n i – S p e c i a l i s t S o l u t i o n s A r c h i t e c t , S e r v e r l e s s @ s a p e s s i
  • 30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DECK GUIDELINES Sizes, colors and layouts are all pre-built into this template. Color palette Please do not use gradients, shadows or outlines on shape elements. Limit color use for chart graphics to grayscale plus one accent color.
  • 31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. COPY & PASTE CODE When pasting content Code into a Code template please use the “Keep Text Only Function” for Windows and “Destination Theme” for Macs. If any additional coloring needs to be done to your code type please do it after pasting it into your slide. Windows Mac
  • 32. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ASSETS USAGE Multiple assets can be combined to create one graphic Deck_Box- Files.png Deck_Arrows1. png Deck_Buildings- MediumBusiness. png Deck_Buildin gs- Enterprise.pn g Deck_Buildings- SmallBusiness.p ng Deck_Laptop- Dark-Code.png Deck_Certificati on-Badge.png Deck_App2.p ng Deck_Lock.p ng
  • 33. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RESIZING ASSETS Always hold down shift key and drag from corners when scaling assets with Shift without Shift
  • 34. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. TITLE ONLY
  • 35. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. TITLE & CONTENT
  • 36. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CODE SNIPPET
  • 37. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SECTION TITLE CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT C L I C K T O A D D T E X T
  • 38. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. TWO CONTENT
  • 39. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLICK TO ADD TEXT CLICK TO ADD TEXT COMPARISON
  • 40. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. THREE CONTENT
  • 41. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT FOUR CONTENT - GRAPHICS
  • 42. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT CLICK TO ADD TEXT SIX CONTENT - GRAPHICS
  • 43. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!