JustAuthenticateMe Serverless Framework Plugin
Introduction
JustAuthenticateMe offers simple magic link based authentication as a service for web apps. This is a serverless plugin that automatically authenticates your serverless endpoints using JustAuthenticateMe. It uses the JustAuthenticateMe API Gateway Custom Authorizer to verify incoming requests and pass the user's email on to your endpoint handler.
Supported Platforms
Currently, this plugin only supports AWS lambdas behind an API Gateway.
Getting Started
Installing via npm or yarn
justauthenticateme-apigateway-auth is a peer dependency so you'll have install it as well.
npm install --save serverless-justauthenticateme-plugin justauthenticateme-apigateway-auth
yarn add serverless-justauthenticateme-plugin justauthenticateme-apigateway-auth
Adding to your serverless.yml
Step 1: Add the plugin
plugins:
- serverless-justauthenticateme-pluginStep 2: Configure the plugin
You'll need your App ID from the JustAuthenticateMe console.
Static App ID
custom:
justauthenticateme:
appId: 01234567-89ab-cdef-0123-4567890abcdeApp ID per Stage
custom:
justauthenticateme:
appId:
production: 01234567-89ab-cdef-0123-4567890abcde
staging: 456789ab-cdef-0123-4567-89abcdef0123
dev: 890abcde-f012-3456-789a-bcdef1234567Step 3: Specify Authenticated Endpoints
For each endpoint that should only be accessible by authenticated users, specify the authorizer as the
keyword justauthenticateme like so:
functions:
getBooks:
handler: src/getBooks.handler
events:
- http:
path: "api/books"
method: get
authorizer: justauthenticateme
request:
parameters:
headers:
Authorization: trueUsing the Authorizer
Sending requests
When sending requests to endpoints that are protected by this authorizer, include the ID token you get
from JustAuthenticateMe in the Authorization header after the keyword Bearer. It should look something
like this:
Authorization: Bearer eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjJlYjQwMTA0LWRjNDUtNGYzNy1iNjljLTkzN2I2Mzg2YjlmNiJ9.eyJlbWFpbCI6InN1cHBvcnRAanVzdGF1dGhlbnRpY2F0ZS5tZSIsInN1YiI6InN1cHBvcnRAanVzdGF1dGhlbnRpY2F0ZS5tZSIsImF1ZCI6ImIxOWEyMWI0LWFkOWQtNGZkNy04OGMxLTFiNjhiODI1YzY3MSIsImlzcyI6Imh0dHBzOi8vZGV2LWFwaS5qdXN0YXV0aGVudGljYXRlLm1lL2IxOWEyMWI0LWFkOWQtNGZkNy04OGMxLTFiNjhiODI1YzY3MSIsImp0aSI6IjZhMjJjOTEyLWYwMzYtNGU0Mi1iZjM5LTQ3N2ZhM2ExOGY2ZCIsInRva2VuX3VzZSI6ImlkIiwiaWF0IjoxNTgzNjk1NDM5LCJuYmYiOjE1ODM2OTU0MzksImV4cCI6MTU4MzY5NzIzOX0.AZqvVWSXn4zwP4WhYOL-nQEDDEMa4Cmpyx8HGJ-6uc3wLeZVfvil6RyAlUExnd6JpteaAImOrKo5fnv93SSGkP-eAN9igGRg0GmXpIeGno_sY_4rMLXDa6RtABL1lz5LCYMxD79oIYIflWJ-LVqmCF90msq-PysFZcgKVLa8oki8ZlKI
Handling requests
When a request is authenticated successfully, this lambda returns a policy allowing the user access to any resource protected by this authorizer. It also passes along the email address of the authenticated user to the handler of the API endpoint.
Specifically, a lambda handling an endpoint protected by this authorizer can access the user's email at
event.requestContext.authorizer.email.