Looking for some advice regarding best practices running serverless offline with AWS Cognito configured.
From what I understand all routes are authenticated by default when simply running serverless offline - how would I test being unauthorized, for endpoints that require an authorizer? I was expecting the opposite to happen, where all routes would be unauthenticated by default.
How is the login flow with Cognito handled when running locally, or is it all just mocked?
Any advice appreciated!
If it helps I have a sample here that uses Cognito and Serverless Offline (though it is quite an advanced sample):
https://authguidance.com/2018/12/11/serverless-api-overview/
I implemented a custom authorizer to verify the OAuth 2.0 token and return a policy document:
https://github.com/gary-archer/authguidance.apisample.serverless/tree/master/src/framework-api-oauth/src/security
It mostly works very well, though there are a couple of issues I have raised in a separate question.
@gary-archer Interesting read! Cheers