sbarski / serverless-architectures-aws

The code repository for the Serverless Architectures on AWS book

Home Page: http://book.acloud.guru

License: MIT License

JavaScript 64.45% Python 0.70% CSS 5.16% HTML 29.68%
serverless serverless-architectures serverless-framework serverless-applications aws aws-lambda api-gateway s3 firebase auth0

serverless-architectures-aws's Issues

Custom Authorizer causes 401 failure from browser/curl

I cannot connect to /user-profile after setting up my custom authorizer. All requests from browser or curl result in 401 HTTP failure. API Gateway logs are not verbose enough to diagnose the issue. I've disabled caching and have tweaked parts of the config to see if I can get the request through but have not had any luck.

Oddly, testing the custom authorizer directly through the AWS console test tool works. In this case, the custom-authorizer is invoked and the request is authorized. However, on requests from browsers or cURL, the custom-authorizer lambda is never invoked (as per my checking the logs).

Would appreciate some help on this. Has been a big blocker for moving forward in this book. Here's a thread on the aws forums discussing the issue, but no solution has been posted: https://forums.aws.amazon.com/thread.jspa?threadID=264196.

Browser OPTIONS request (succeeds)

-General-
Request URL:https://0x24uh9sqk.execute-api.us-east-1.amazonaws.com/dev/user-profile
Request Method:OPTIONS
Status Code:200 
Remote Address:13.33.74.102:443
Referrer Policy:no-referrer-when-downgrade

-Response Headers-
access-control-allow-headers:Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods:GET,OPTIONS
access-control-allow-origin:*
content-length:0
content-type:application/json
date:Wed, 07 Mar 2018 16:09:03 GMT
status:200
via:1.1 bc6981f82440e44448ee5dd3577bf4f4.cloudfront.net (CloudFront)
x-amz-cf-id:ts3K2BoHctXUz_sjCNvWa-dmqjPclPio4XoqkNam-ynxGAIQu5LtMA==
x-amzn-requestid:db18a291-2221-11e8-bc27-f7bd3aa6dba6
x-cache:Miss from cloudfront

-Request Headers-
:authority:0x24uh9sqk.execute-api.us-east-1.amazonaws.com
:method:OPTIONS
:path:/dev/user-profile
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, br
accept-language:en
access-control-request-headers:authorization
access-control-request-method:GET
origin:http://127.0.0.1:8100
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36

Browser GET request (fails 401)

-General-
Request URL:https://0x24uh9sqk.execute-api.us-east-1.amazonaws.com/dev/user-profile
Request Method:GET
Status Code:401 
Remote Address:13.33.74.102:443
Referrer Policy:no-referrer-when-downgrade

-Response Headers-
content-length:26
content-type:application/json
date:Wed, 07 Mar 2018 16:09:04 GMT
status:401
via:1.1 bc6981f82440e44448ee5dd3577bf4f4.cloudfront.net (CloudFront)
x-amz-cf-id:hqwVmcSV4AIzqEVAWtKkzBMX1PoflDjtTrw25BjzAoCoIlodr_QAgQ==
x-amzn-errortype:UnauthorizedException
x-amzn-requestid:db1c7368-2221-11e8-824f-8ba7016060e7
x-cache:Error from cloudfront

-Request Headers-
:authority:0x24uh9sqk.execute-api.us-east-1.amazonaws.com
:method:GET
:path:/dev/user-profile
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, br
accept-language:en
authorization:Bearer ***mUuZ
origin:http://127.0.0.1:8100
referer:http://127.0.0.1:8100/
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36

AWS test authorizer (policy)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "execute-api:Invoke",
      "Effect": "allow",
      "Resource": "arn:aws:execute-api:us-east-1:550212734867:0x24uh9sqk/null/GET/"
    }
  ]
}

AWS test authorizer (log)

Execution log for request test-request
Wed Mar 07 16:09:34 UTC 2018 : Starting authorizer: pylynn for request: test-request
Wed Mar 07 16:09:34 UTC 2018 : Incoming identity: ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************cQmUuZ
Wed Mar 07 16:09:34 UTC 2018 : Endpoint request URI: https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:550212734867:function:custom-authorizer/invocations
Wed Mar 07 16:09:34 UTC 2018 : Endpoint request headers: {x-amzn-lambda-integration-tag=test-request, Authorization=*******************************************************************************************************************************************************************************************************************************************************************************************************a1ca47, X-Amz-Date=20180307T160934Z, x-amzn-apigateway-api-id=0x24uh9sqk, Accept=application/json, User-Agent=AmazonAPIGateway_0x24uh9sqk, X-Amz-Security-Token=AgoGb3JpZ2luEJz//////////wEaCXVzLWVhc3QtMSKAAgVCzhSjc2yH1LAC67+VR4mSHlNUTmV4z3f6Qr7A5hbVGMRWtZPkB3/XyipQm/YSGgcvQA/gwaBr029TbREln3wpmIKjws4pj7N40XHfyhb+5erPbj3NzPmKv4B0EcaukgqebsdszNonVHJaY8xg3AvlQE5Y3gJJuGF/pj2ECBrgK6MI0v1TcOPyCXayH7VSiPXKyTtmGW6cPna3O0AF1uXmc7tNI+NpjIR//o3ZThPLVbvij/LpBLhx0gUh5/+vxrvvywRxIg9BqioBRKHBbJh2JWIueAXxgc4GNrhTVASjqH3vYKVg+UhK9iF+2PJ5trc1Z2J0419Anz4+egm6DC8qiQIIkf//////////ARAAGgw1NTAyMTI3MzQ4NjciDE+/m0P+MlN38lC14yrdAeOd2iAef+mb+2M0MfdVDwfCzr2AClG6U8MK [TRUNCATED]
Wed Mar 07 16:09:34 UTC 2018 : Endpoint request body after transformations: {"type":"TOKEN","methodArn":"arn:aws:execute-api:us-east-1:550212734867:0x24uh9sqk/null/GET/","authorizationToken":"Bearer ****mUuZ"}
Wed Mar 07 16:09:34 UTC 2018 : Sending request to https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:550212734867:function:custom-authorizer/invocations
Wed Mar 07 16:09:35 UTC 2018 : Authorizer result body before parsing: {"principalId":"user","policyDocument":{"Version":"2012-10-17","Statement":[{"Action":"execute-api:Invoke","Effect":"allow","Resource":"arn:aws:execute-api:us-east-1:550212734867:0x24uh9sqk/null/GET/"}]}}
Wed Mar 07 16:09:35 UTC 2018 : Using valid authorizer policy for principal: **er
Wed Mar 07 16:09:35 UTC 2018 : Successfully completed authorizer execution

Logs from the browser requests:

Cloudwatch API Gateway OPTIONS log

(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Verifying Usage Plan for request: db18a291-2221-11e8-bc27-f7bd3aa6dba6. API Key: API Stage: 0x24uh9sqk/dev
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) API Key authorized because method 'OPTIONS /user-profile' does not require API Key. Request will not contribute to throttle or quota limits
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Usage Plan check succeeded for API Key and API Stage 0x24uh9sqk/dev
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Starting execution for request: db18a291-2221-11e8-bc27-f7bd3aa6dba6
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) HTTP Method: OPTIONS, Resource Path: /user-profile
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Method request path:
{}
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Method request query string:
{}
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Method request headers: {Accept=*/*, CloudFront-Viewer-Country=US, CloudFront-Forwarded-Proto=https, CloudFront-Is-Tablet-Viewer=false, origin=http://127.0.0.1:8100, CloudFront-Is-Mobile-Viewer=false, User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36, X-Forwarded-Proto=https, CloudFront-Is-SmartTV-Viewer=false, Host=0x24uh9sqk.execute-api.us-east-1.amazonaws.com, Accept-Encoding=gzip, deflate, br, access-control-request-method=GET, X-Forwarded-Port=443, X-Amzn-Trace-Id=Root=1-5aa00e9f-ecf807d2e914908483ef1fc2, Via=2.0 bc6981f82440e44448ee5dd3577bf4f4.cloudfront.net (CloudFront), access-control-request-headers=authorization, X-Amz-Cf-Id=UwM4w5MyClZq-A1OG2eVO2zZl7vIWycdi9Oczf642w5TryQLNmP08A==, X-Forwarded-For=173.56.28.23, 52.46.46.89, Accept-Language=en, CloudFront-Is-Desktop-Viewer=true}
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Method request body before transformations:
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Received response. Integration latency: 0 ms
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Endpoint response body before transformations:
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Endpoint response headers:
{}
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Method response body after transformations:
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Method response headers: {Access-Control-Allow-Origin=*, Access-Control-Allow-Methods=GET,OPTIONS, Access-Control-Allow-Headers=Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token, Content-Type=application/json}
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Successfully completed execution
(db18a291-2221-11e8-bc27-f7bd3aa6dba6) Method completed with status: 200

Cloudwatch API Gateway GET log

(db1c7368-2221-11e8-824f-8ba7016060e7) Unauthorized request: db1c7368-2221-11e8-824f-8ba7016060e7

Auth0 Lock signup error with "WE'RE SORRY, SOMETHING WENT WRONG WHEN ATTEMPTING TO SIGN UP."

With the original CDN import, the signup fails although the user is created, as reported in There was an error processing the login #546.

  <script src="https://cdn.auth0.com/js/lock-9.min.js"></script>

The current latest, 11.8.1, does not work either.

  <script src="https://cdn.auth0.com/js/lock/11.8.1/lock.min.js"></script>

Auth0 sample jQuery Quick Start does work.

I suppose the JavaScript implementation is outdated and does not work anymore.

Auth0 Lock API v9 is deprecated

I have been having trouble using Auth0 with a new account created today. A slightly older account created a month or so ago (5 December 2017) works fine.

The error is that Auth0 Lock is trying (and failing) to do an HTTP GET on

<my-auth0-domain>/user/ssodata

In the Auth0 logs of the older account (where it works), I have a warning entry with a deprecation notice:

SSOdata endpoint: This feature is being deprecated. Please refer to our documentation to learn how to migrate your application.

I followed the descriptions for migration in the documentation combined with the SPA with jQuery Quickstart, and got it to work with centralized login but I cannot be sure this will work with the rest of the chapter and/or book.

In particular, centralized login provides an access token and ID token rather than a user token, and logout does not cleanly eliminate all session data (some cookies remain which 'remember' who last logged in).

It would help to know whether anyone else has a better solution or confirmation that I'm on the right track.

Python support?

@sbarski I have gone through your examples and it's a great companion for the book. A good number of people are Python developers and I believe equivalent Python examples can be of great value. If you believe so, I am willing to contribute. I have presented @ Serverless Conf London and also attended one of your Serverless workshops at our office. Let me know.

Incorrect comment in Listing 3.1

The following snippet is in serverless-architectures-aws/chapter-3/Listing 3.1 - 3.4 - Transcode Video Lambda/index.js:

//the input file may have spaces so replace them with '+'
var sourceKey = decodeURIComponent(key.replace(/\+/g, ' '));

However, the code does the opposite of what the comment says. I think the correct version should read as:

var sourceKey = decodeURIComponent(key.replace(/\W/g, '+'));
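Added example, not code from the repository: S3 event notifications deliver object keys URL-encoded with spaces as '+', so the sketch below runs both expressions from this issue over constructed keys and also handles a key with malformed percent-encoding. The bucket name, the keys and the function names are made up for illustration.

```javascript
// Expression from Listing 3.1: turn '+' back into a space, then percent-decode.
// A literal '+' in the original key arrives as %2B, so it survives the first step.
function decodeS3Key(rawKey) {
  return decodeURIComponent(rawKey.replace(/\+/g, ' '));
}

// Expression suggested in the issue: every non-word character becomes '+'.
function suggestedInIssue(rawKey) {
  return decodeURIComponent(rawKey.replace(/\W/g, '+'));
}

// Returns [{bucket, key}] for each record. A key that is not valid
// percent-encoding is reported with key: null instead of crashing the handler.
function keysFromEvent(event) {
  return (event.Records || []).map((record) => {
    const bucket = record.s3.bucket.name;
    const raw = record.s3.object.key;
    try {
      return { bucket, key: decodeS3Key(raw) };
    } catch (err) {
      if (err instanceof URIError) return { bucket, key: null, raw };
      throw err;
    }
  });
}

// Constructed sample event (placeholder bucket and keys).
const sampleEvent = {
  Records: [
    { s3: { bucket: { name: 'example-upload-bucket' }, object: { key: 'uploads/my+holiday+video.mp4' } } },
    { s3: { bucket: { name: 'example-upload-bucket' }, object: { key: 'a%2Bb.mp4' } } },
    { s3: { bucket: { name: 'example-upload-bucket' }, object: { key: 'broken%.mp4' } } },
  ],
};

for (const item of keysFromEvent(sampleEvent)) console.log(item);
console.log(suggestedInIssue('uploads/my+holiday+video.mp4'));
```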

Vulnerability in chapter-3/Listing 3.5 - SNS Condition.txt

Hi,

to avoid the world-accessible vulnerability of the SNS, "aws:SourceAccount" needs to be added to the Condition, like below.

"Condition": {
  "StringEquals": {
    "aws:SourceAccount": "111122223333"
  },
  "ArnLike": {
    "aws:SourceArn": "arn:aws:s3:::serverless-video-transcoded"
  }
}
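Added example, not part of the issue or the repository: a small check that flags topic policy statements which let a wildcard principal publish without an "aws:SourceAccount" condition, run over a policy with and without the fix proposed above. The topic ARN, the sample policies and the function names are constructed; the account ID and bucket ARN are the ones quoted in the issue.

```javascript
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function isWildcardPrincipal(principal) {
  if (principal === '*') return true;
  return Boolean(principal) && typeof principal === 'object' && asArray(principal.AWS).includes('*');
}

// Collect the values of one condition key (key names are case-insensitive).
function conditionValues(condition, operators, key) {
  const values = [];
  for (const op of operators) {
    const block = (condition && condition[op]) || {};
    for (const name of Object.keys(block)) {
      if (name.toLowerCase() === key.toLowerCase()) values.push(...asArray(block[name]));
    }
  }
  return values;
}

// Returns one finding per Allow statement that lets anyone publish
// without pinning the source account.
function auditTopicPolicy(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((st, index) => {
    if (st.Effect !== 'Allow' || !isWildcardPrincipal(st.Principal)) return;
    const actions = asArray(st.Action).map((a) => a.toLowerCase());
    if (!actions.some((a) => a === 'sns:publish' || a === 'sns:*' || a === '*')) return;
    const accounts = conditionValues(st.Condition, ['StringEquals'], 'aws:SourceAccount');
    const arns = conditionValues(st.Condition, ['ArnLike', 'ArnEquals'], 'aws:SourceArn');
    if (accounts.length === 0) {
      findings.push({ statement: index, issue: arns.length ? 'SourceArn without SourceAccount' : 'no source condition' });
    }
  });
  return findings;
}

// Constructed policies; the topic ARN is a placeholder.
const baseStatement = {
  Effect: 'Allow',
  Principal: { AWS: '*' },
  Action: 'SNS:Publish',
  Resource: 'arn:aws:sns:us-east-1:111122223333:example-topic',
};
const arnOnly = { ArnLike: { 'aws:SourceArn': 'arn:aws:s3:::serverless-video-transcoded' } };
const weakPolicy = { Version: '2012-10-17', Statement: [{ ...baseStatement, Condition: arnOnly }] };
const fixedPolicy = {
  Version: '2012-10-17',
  Statement: [{ ...baseStatement, Condition: { StringEquals: { 'aws:SourceAccount': '111122223333' }, ...arnOnly } }],
};

console.log(auditTopicPolicy(weakPolicy), auditTopicPolicy(fixedPolicy));
```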

Always get error in chapter-5

Hi,
thank you for this great book! It really helps us to understand serverless.
But when I was practicing chapter 5, I built a local website and set up Auth0 well.
When I try to log in to Auth0 with a Google account (all the APIs are set up well, whether in JS or Google),
it always shows the alert "There was an error" and Auth0 shows "There was an error processing the login."

When I check the Auth0 log dashboard, it only shows "Success login".
I don't know what's happening... can you help with this issue?

thank you

Custom authorizer for /videos

In Chapter 7, section 7.2.3 on page 179, there is a step to add the custom authorizer to the videos resource in the API Gateway. Later, in section 7.2.5 in Listing 7.5 on page 186, there is JavaScript code for a video controller which makes the HTTP GET request to the API Gateway. I cannot see where this code sets up the Authorization header that is needed by the custom authorizer. When the request is made, I get an HTTP 401 response (Unauthorized). Is there code similar to that in the user controller missing here (configureAuthenticatedRequests -> $ajax.Setup -> beforeSend)?

Multiple custom authorizers are required after implementing s3-policy-document in chapter 8

Per the documentation for custom authorizers, the policy document returned from the custom authorizer is for the ENTIRE API. I would have thought disabling caching in the custom authorizer would have solved this issue; however, it doesn't seem to. In any case, disabling caching isn't recommended for custom authorizers for performance reasons (always calling at least 2 lambdas). My solution was to implement different custom authorizers for each endpoint. Some of these issues are discussed here: https://forums.aws.amazon.com/thread.jspa?threadID=225934&tstart=0
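Added example, not code from the book or this issue: it shows why a cached policy that names only the first request's methodArn denies the next endpoint, and one alternative to per-endpoint authorizers, a single policy that lists every route the principal may call. The API ID, account ID, route list (including the verb and path assumed for s3-policy-document) and function names are constructed, and the matcher is a simplified stand-in for policy evaluation that handles Allow statements only.

```javascript
// methodArn layout: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{verb}/{path}
function parseMethodArn(methodArn) {
  const parts = methodArn.split(':');
  if (parts.length < 6 || parts[2] !== 'execute-api') throw new Error('not an execute-api ARN');
  const [apiId, stage, verb, ...path] = parts.slice(5).join(':').split('/');
  if (!apiId || !stage || !verb) throw new Error('incomplete methodArn');
  return { prefix: parts.slice(0, 5).join(':'), apiId, stage, verb, path: path.join('/') };
}

// Build an authorizer response that allows an explicit list of [verb, path]
// routes on the same API and stage as the incoming request.
function buildPolicy(principalId, methodArn, routes) {
  const { prefix, apiId, stage } = parseMethodArn(methodArn);
  const resources = routes.map(
    ([verb, path]) => `${prefix}:${apiId}/${stage}/${verb}/${path.replace(/^\//, '')}`
  );
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: 'Allow', Resource: resources }],
    },
  };
}

// Simplified check of a (possibly cached) policy against a later request.
function arnMatches(pattern, arn) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp(`^${escaped.replace(/\*/g, '.*').replace(/\?/g, '.')}$`).test(arn);
}

function isAllowed(authResponse, methodArn) {
  return authResponse.policyDocument.Statement.some(
    (st) => st.Effect === 'Allow' && [].concat(st.Resource).some((r) => arnMatches(r, methodArn))
  );
}

// Constructed values (placeholder API ID and account ID).
const STAGE_ARN = 'arn:aws:execute-api:us-east-1:111122223333:exampleapi/dev';
const PROFILE_ARN = `${STAGE_ARN}/GET/user-profile`;
const VIDEOS_ARN = `${STAGE_ARN}/GET/videos`;
const ROUTES = [['GET', '/user-profile'], ['GET', '/videos'], ['GET', '/s3-policy-document']];

const firstRequestOnly = buildPolicy('user', PROFILE_ARN, [['GET', '/user-profile']]);
const allRoutes = buildPolicy('user', PROFILE_ARN, ROUTES);
console.log(isAllowed(firstRequestOnly, VIDEOS_ARN), isAllowed(allRoutes, VIDEOS_ARN));
```

Listing routes explicitly keeps the cached policy no broader than the endpoints the token is meant to reach, which a stage-wide wildcard resource would not.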

Auth0 + firebase with latest auth0

I've managed to fix pretty much all my problems with auth0 using the latest library (v.11) but I'm not sure how to get around the deprecated use of delegation token for the implementation in firebase DB. Has anyone made it work?

chapter 3.1 - 3.4

Transcode Video Lambda Function
index.js

var params = {
    PipelineId: '1451470066051-jscnci',

OutputKeyPrefix: outputKey + '/', <----- my kindle book is added

    Input: {
        Key: sourceKey
    },

original code is loop.
create many files

Your Book is Fantastic

I've worked through the first 7 chapters of your book (in TypeScript, because JS 😱) and it's among the finest practical tech books I've ever read. Well-organized; detailed and clear; reinforces concepts regularly; good exercises.

Really, kudos. Amazon should send you a cut of each reader's AWS bill, as I'll be utilizing a lot more AWS computing power as a result of reading your book.

Lambda transcode-video function will not create folders as described in the book.

In order for an output folder to be created in the transcode bucket, the folder needs to be prepended to the output path for each of the versions:

    Outputs: [
        {
            Key: outputKey + "/" + outputKey + '-1080p' + '.mp4',
            PresetId: '1351620000001-000001' //Generic 1080p
        },
        {
            Key: outputKey + "/" + outputKey + '-720p' + '.mp4',
            PresetId: '1351620000001-000010' //Generic 720p
        },
        {
            Key: outputKey + "/" + outputKey + '-web-720p' + '.mp4',
            PresetId: '1351620000001-100070' //Web Friendly 720p
        }
    ]};
