node package manager
Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »


S3O in Lambda

This library makes it a lot easier & faster to secure the HTTP endpoints of AWS Lambda-based serverless applications to FT staff only.


npm install --save @financial-times/s3o-lambda


The whole thing is streamlined, including the redirection to and the callback from S3O. All you need is the below:

const s3o = require("@financial-times/s3o-lambda");
module.exports.handler = (event, context, callback) => {
  s3o(event, callback).then(isSignedIn => {
    if (isSignedIn) {
      // do what you want here
      callback(null, { statusCode: 200, body: "You are signed in." });

This library will redirect the user to sign in using Google if not signed in, and return the user to this same page when successful.

If you want to prevent the redirect behaviour, pass {redirect: false} as the third parameter:

const s3o = require('@financial-times/s3o-lambda');
module.exports.handler = (event, context, callback) => {
    s3o(event, callback, {redirect: false}).then({
        callback(null, { statusCode: 200, body: 'You are signed in.' });

Unauthorised users will receive a 401 status code. It is then up to you to handle redirecting the user to the S3O service in your client-side app.