Add Guide to Secure AWS HTTP APIs Using Asgardeo #5253
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -0,0 +1,279 @@ | |||
| --- | |||
| template: templates/quick-start.html | |||
| heading: Secure a Pharmacy User API with AWS API Gateway and Asgardeo | |||
There was a problem hiding this comment.
Shall we keep the heading generic?
Suggested change
| heading: Secure a Pharmacy User API with AWS API Gateway and Asgardeo | |
| heading: Securing APIs with AWS API Gateway and Asgardeo |
| --- | ||
| template: templates/quick-start.html | ||
| heading: Secure a Pharmacy User API with AWS API Gateway and Asgardeo | ||
| description: This guide walks you through securing a Pharmacy User API using AWS API Gateway and WSO2 Asgardeo. You'll deploy a Lambda function, expose it via an HTTP API, and protect the endpoint using JWT validation powered by Asgardeo. |
There was a problem hiding this comment.
Suggested change
| description: This guide walks you through securing a Pharmacy User API using AWS API Gateway and WSO2 Asgardeo. You'll deploy a Lambda function, expose it via an HTTP API, and protect the endpoint using JWT validation powered by Asgardeo. | |
| description: This guide walks you through securing a Pharmacy User API using AWS API Gateway and Asgardeo. You'll deploy a Lambda function, expose it via an HTTP API, and protect the endpoint using JWT validation powered by Asgardeo. |
JWT validation is independent of Asgardeo, isn't it? in that case, "JWT validation powered by Asgardeo." isn't accurate, IMO
Comment on lines
5
to
9
| what_you_will_learn: | ||
| - Deploy a serverless AWS Lambda endpoint | ||
| - Secure the API using AWS API Gateway's JWT authorizer | ||
| - Configure OAuth2 application and API scopes in Asgardeo | ||
| - Protect API access using JWTs and test secured endpoints |
There was a problem hiding this comment.
Suggested change
| what_you_will_learn: | |
| - Deploy a serverless AWS Lambda endpoint | |
| - Secure the API using AWS API Gateway's JWT authorizer | |
| - Configure OAuth2 application and API scopes in Asgardeo | |
| - Protect API access using JWTs and test secured endpoints | |
| what_you_will_learn: | |
| - Deploy a serverless endpoint using AWS Lambda | |
| - Secure your API with AWS API Gateway’s JWT authorizer | |
| - Configure an OAuth2 application and define API scopes in Asgardeo | |
| - Protect and test your API using JWT-based access control |
| prerequisites: | ||
| - About 20 minutes | ||
| - AWS Account with CLI access | ||
| - <a href="https://asgardeo.io" target="_blank" rel="noopener noreferrer">Asgardeo account</a> |
There was a problem hiding this comment.
Suggested change
| - <a href="https://asgardeo.io" target="_blank" rel="noopener noreferrer">Asgardeo account</a> | |
| - an <a href="https://asgardeo.io" target="_blank" rel="noopener noreferrer">Asgardeo account</a> |
| ## Step 1: Create and Deploy the Lambda Function | ||
|
|
||
| ### 1. Create IAM Role for Lambda Execution | ||
| ```bash |
There was a problem hiding this comment.
Shall we add a description?
| ## Step 3: Obtain a Bearer Token for Asgardeo Manage App | ||
|
|
||
| You will need a Client ID and Client Secret from an Asgardeo Manage application that can be used to call Asgardeo’s management APIs. You can use an existing application or create a new Manage application in the Asgardeo console with the Client Credentials grant enabled. Make sure the application has the scope internal_application_mgt_create (this scope is required to create a new application via the API). | ||
| ```bash |
There was a problem hiding this comment.
Suggested change
| ```bash | |
| ```bash |
|
|
||
| ## Step 3: Obtain a Bearer Token for Asgardeo Manage App | ||
|
|
||
| You will need a Client ID and Client Secret from an Asgardeo Manage application that can be used to call Asgardeo’s management APIs. You can use an existing application or create a new Manage application in the Asgardeo console with the Client Credentials grant enabled. Make sure the application has the scope internal_application_mgt_create (this scope is required to create a new application via the API). |
There was a problem hiding this comment.
Suggested change
| You will need a Client ID and Client Secret from an Asgardeo Manage application that can be used to call Asgardeo’s management APIs. You can use an existing application or create a new Manage application in the Asgardeo console with the Client Credentials grant enabled. Make sure the application has the scope internal_application_mgt_create (this scope is required to create a new application via the API). | |
| You will need a Client ID and Client Secret from an Asgardeo application that is authorized to invoke Asgardeo management APIs. You can use an existing application or create a new application in the Asgardeo console with the Client Credentials grant enabled. Make sure the application has the scope `internal_application_mgt_create` (this scope is required to create a new application via the API). |
| -d "grant_type=client_credentials&scope=internal_application_mgt_create" 2>/dev/null | jq -r .access_token | ||
| ``` | ||
| Use the obtained token in all subsequent Asgardeo API calls: | ||
| ```bash |
There was a problem hiding this comment.
Suggested change
| ```bash | |
| ```bash |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose
This PR introduces a step-by-step guide for securing AWS HTTP API Gateway endpoints using JWT authentication with WSO2 Asgardeo as the identity provider. It demonstrates a fully CLI-based approach suitable for developers building serverless applications that require secure access control.