OAuth redirect URL

0

Hi, I am trying to connect to a 3rd party software via APIs to get a Bearer token. I need a redirect URL for this. What is the easiest way to do this? I thought through the API Gateway but when I started looking for information I came across Amazon Cognito: https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html. Are either of those the best way to proceed? Or is there another way? I am sorry if this is a very simple problem, but the more documentation I read the more confused I became. Please advise. I am using Lambdas written in Python.
Thank you for your help

2 Answers
0

I assume you mean that you have a Python Lambda function which is trying to connect to - for example - the LinkedIn API. (Insert your own API in here - they all use the OAuth 2.0 protocol nowadays.)

As per the LinkedIn API docs, you need to provide a redirect_uri. This bit kind of sucks if you're not a web developer like me or you. Basically there's no way around this, you have to enter a URL which redirects you within a browser and lets you enter your login details for the 3rd party app, then grant access.

I found an easy way to do it in this walkthrough. Basically, it tells you to do the following:

If you're developing an app on AWS serverless architecture, then a quick solution is to:

  • Use this code to make a call to the LinkedIn API, then store the key and refresh key from the response in S3.
  • Create a Lambda function to periodically regenerate these tokens.
  • In your Lambda function to, for example, post content to LinkedIn, first read the object from S3 then pass those keys into your API call.

The problem with this solution occurs when an API call fails and the tokens aren't refreshed. A better solution would be to use Step Functions to manage failed attempts and store the keys in Secrets Manager. Fortunately a great walkthrough for this exists too.

Good luck.

Ash
answered 3 months ago
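The redirect_uri discussed in the answer above can be a Python Lambda behind API Gateway that checks the `state` parameter before trading the authorization code for tokens. The following is an added example, not code from the answers or the linked walkthroughs; the endpoint URLs, client credentials, signing key, secret name and function names are assumed placeholders.

```python
import hashlib, hmac, json, secrets, time, urllib.parse, urllib.request
# Every value below is an assumed placeholder, not taken from the post.
TOKEN_URL = "https://auth.example.com/oauth2/token"
REDIRECT_URI = "https://api.example.com/oauth/callback"
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-client-secret"
STATE_KEY = b"constructed-demo-key"  # load from Secrets Manager in practice
STATE_TTL = 600  # seconds a state value stays valid

def _sign(body):
    return hmac.new(STATE_KEY, body.encode(), hashlib.sha256).hexdigest()

def make_state(now=None):
    """Signed, expiring `state` to send with the authorization request."""
    body = f"{secrets.token_urlsafe(16)}.{int(now or time.time())}"
    return f"{body}.{_sign(body)}"

def state_ok(state, now=None):
    """Accept only an unexpired state that this service signed."""
    try:
        nonce, ts, sig = state.split(".")
        age = (now or time.time()) - int(ts)
    except (AttributeError, ValueError):
        return False
    good = _sign(f"{nonce}.{ts}")
    return hmac.compare_digest(sig.encode(), good.encode()) and 0 <= age <= STATE_TTL

def exchange_code(code):  # token request per RFC 6749, section 4.1.3
    form = urllib.parse.urlencode({"grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET}).encode()
    req = urllib.request.Request(TOKEN_URL, data=form)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def store_tokens(tokens, secret_id="example/oauth-tokens"):  # assumed secret name
    import boto3  # bundled with the Lambda Python runtime
    boto3.client("secretsmanager").put_secret_value(
        SecretId=secret_id, SecretString=json.dumps(tokens))

def handler(event, context=None, exchange=exchange_code, store=store_tokens):
    q = event.get("queryStringParameters") or {}
    if "error" in q:  # user denied consent or the provider failed
        return {"statusCode": 400, "body": "authorization failed"}
    if not state_ok(q.get("state")):  # forged, expired or missing
        return {"statusCode": 403, "body": "invalid state"}
    if not q.get("code"):
        return {"statusCode": 400, "body": "missing code"}
    store(exchange(q["code"]))  # tokens stay server-side, never in the response
    return {"statusCode": 200, "body": "authorized"}
```

A signed state only shows that the value was issued by this service; where several users authorize, also tie it to the user's session.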
-1

Hello,

Based on the limited info provided, I can distinguish two parts to this question: one being the authentication (where tokens kick in) and another part of access (where we can use the API Gateway along with the Lambda function).

If you are looking to generate a token via an IdP, Cognito can be used, which in its ecosystem with User Pool and an App Client will enable you to retrieve Access and ID Tokens upon successful authentication. You can refer to the link below to learn more about using tokens with Cognito.

[+] Using tokens with user pools

You can in turn use these tokens via an API Gateway to grant access to your own API or Lambda function. Additionally, API Gateway can be used to access a protected API through Lambda authorisers as well, if that better suits your use case. Links to integrate these can be found below:

[+] Use API Gateway Lambda authorizers

[+] Control access to a REST API using Amazon Cognito user pools as authorizer

[+] Accessing resources with API Gateway and Lambda after sign-in

That being said, to further look into this issue more closely, if you would like to do a resource based troubleshooting, please raise a support case with AWS for further information. If a support case has already been created please be assured that we will get back to you and assist you in the best way possible.

https://console.aws.amazon.com/support/home#/case/create

AWS
answered a year ago
