Serverless — Authentication

Backend service authentication using OpenID Connect.

alpha2phi
5 min read · Apr 20, 2022

We developed REST, GraphQL, and AppSync APIs for our serverless application. The AppSync APIs are protected using an API key.

AAA (Authentication, Authorization, and Accounting) controls access to computer resources, enforces policies, and audits usage. For modern applications, we have protocols such as OAuth2 and OpenID Connect that we can use to implement authentication and authorization.

In this article, we are going to

  • Learn the basics of SAML, OAuth2, and OpenID Connect.
  • Use Serverless Stack (SST) to provision the AWS Cognito service.
  • Protect the AppSync APIs using the Cognito User Pool.
  • Deploy and test the APIs.

This article is part of the Serverless for Beginners series.

The source code can be found in this repository.

Getting Started

Let’s go through the basics before writing the code. To support authentication and authorization, we have protocols like SAML, OAuth2, and OpenID Connect. We will briefly go through each of them.

SAML

alpha2phi

Software engineer, Data Science and ML practitioner.