51. Authentication for a CLI app with Cognito - Live coding PART 4
https://youtu.be/vVic3oqqqfY
How can you build a WeTransfer or a Dropbox Transfer clone on AWS?
This is our fourth live coding stream. In this episode, we started looking into adding some security to our application. Specifically, we started implementing a device auth flow on top of AWS Cognito to allow our file upload CLI application to get some credentials.
All our code is available in this repository: https://github.com/awsbites/weshare.click
🔖 Chapters:
00:00 Intro
04:10 Intro to Cognito
06:47 Difference between User Pools and Identity Pools (Federated Identities)
10:52 High-level view of how OAuth 2 works (implicit flow)
14:55 How can we get tokens for CLI apps using OAuth 2 / OpenID Connect (OIDC)?
18:20 OAuth 2 device code authorization flow (RFC 8628)
22:40 Device authorization request
26:50 User login and polling
29:50 Verification and token retrieval
39:17 Improvements from the previous version of the code (content-disposition sanitization and more)
47:57 Implementing the OAuth 2 Device code flow using serverless
50:42 Defining a Cognito User Pool in serverless.yml
56:50 Defining the OAuth 2 Client for our application in serverless.yml
1:07:58 Deploying our changes and reviewing the generated resources (and debugging 😅)
1:15:10 Creating environment variables and SSM parameters for easy access to Cognito details
1:21:10 Creating a stub of our Lambda function to handle requests for device auth
1:30:00 Wrapping up
In this episode we mentioned the following resources:
 - Content-Disposition Header on MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition
 - OAuth 2 Device Auth flow RFC8628: https://www.rfc-editor.org/rfc/rfc8628
 - XKCD Comic about password security: https://xkcd.com/936/
 - crypto-random-string package: https://www.npmjs.com/package/crypto-random-string
 - Dash offline documentation app: https://kapeli.com/dash
We set ourselves up for a challenge and in this series of live streams we will try to incrementally build a simple clone of WeTransfer or Dropbox Transfer that would allow us to upload files and share them by URL.
Everything is up for discussion (and your opinion is important!) but right now we are expecting to be using S3, Lambda, API Gateway, Route53, and tons of Node.js!
Come and join us on this awesome project! 🤩
All the episodes of this series:
- 🗒 Full playlist: https://www.youtube.com/watch?v=EfRElTYilyY&list=PLAWXFhe0N1vI1_z-06EzJ22pz95_gBrId
- PART 1: https://youtu.be/EfRElTYilyY (MVP with Lambda, API Gateway, and S3)
- PART 2: https://youtu.be/4wCX32YUtMk (Custom domain with Route53 and Content-Disposition)
- PART 3: https://youtu.be/hlW_RwRgskI (Observability best practices with Middy and Lambda Power Tools + CLI Application)
- PART 4: https://youtu.be/vVic3oqqqfY (Adding authentication using Cognito and implementing the OAuth 2 device flow)
- PART 5: https://youtu.be/0TzfkbisMEA (OAuth 2 device flow and DynamoDB Single Table Design)
- PART 6: https://youtu.be/b-FoqIcOcPw (Completing OAuth 2 device flow and Adding a login command to the CLI application)
#AWS #Cognito #Serverless