forked from TimothyJones/github-cognito-openid-wrapper
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtemplate.yml
133 lines (128 loc) · 3.38 KB
/
template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
Github Cognito OpenID Wrapper (SSO)
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
Function:
Runtime: nodejs14.x
Timeout: 15
Environment:
Variables:
GITHUB_CLIENT_ID:
Ref: GitHubClientIdParameter
GITHUB_CLIENT_SECRET:
Ref: GitHubClientSecretParameter
COGNITO_REDIRECT_URI:
Ref: CognitoRedirectUriParameter
GITHUB_API_URL:
Ref: GitHubUrlParameter
GITHUB_LOGIN_URL:
Ref: GitHubLoginUrlParameter
JWT_RS256_KEY:
Ref: JwtRs256KeyParameter
JWT_RS256_PUBLIC_KEY:
Ref: JwtRs256PublicKeyParameter
Parameters:
GitHubClientIdParameter:
Type: String
GitHubClientSecretParameter:
Type: String
CognitoRedirectUriParameter:
Type: String
GitHubUrlParameter:
Type: String
Default: "https://api.github.com"
MinLength: 1
GitHubLoginUrlParameter:
Type: String
Default: "https://github.com"
MinLength: 1
StageNameParameter:
Type: String
JwtRs256KeyParameter:
Type: String
JwtRs256PublicKeyParameter:
Type: String
Resources:
GithubOAuthApi:
Type: AWS::Serverless::Api
Properties:
StageName: !Ref StageNameParameter
OpenApiVersion: "2.0"
OpenIdDiscovery:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: openIdConfiguration.handler
Events:
GetResource:
Type: Api
Properties:
Path: /.well-known/openid-configuration
Method: get
RestApiId: !Ref GithubOAuthApi
Authorize:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: authorize.handler
Events:
GetResource:
Type: Api
Properties:
Path: /authorize
Method: get
RestApiId: !Ref GithubOAuthApi
Token:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: token.handler
Events:
GetResource:
Type: Api
Properties:
Path: /token
Method: get
RestApiId: !Ref GithubOAuthApi
PostResource:
Type: Api
Properties:
Path: /token
Method: post
RestApiId: !Ref GithubOAuthApi
UserInfo:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: userinfo.handler
Events:
GetResource:
Type: Api
Properties:
Path: /userinfo
Method: get
RestApiId: !Ref GithubOAuthApi
PostResource:
Type: Api
Properties:
Path: /userinfo
Method: post
RestApiId: !Ref GithubOAuthApi
Jwks:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: jwks.handler
Events:
GetResource:
Type: Api
Properties:
Path: /.well-known/jwks.json
Method: get
RestApiId: !Ref GithubOAuthApi
Outputs:
GitHubShimIssuer:
Description: "GitHub OpenID Shim Issuer"
Value: !Sub "https://${GithubOAuthApi}.execute-api.${AWS::Region}.amazonaws.com/${StageNameParameter}"