This repository provides sample code demonstrating integration of AWS Chalice API endpoints with Auth0.
from chalice import Chalice
from chalicelib.auth0.blueprint import auth0, requires_auth

# App Configuration
app = Chalice(app_name='chalice-auth0-sample')
app.register_blueprint(auth0)

# App Routes
@app.route('/')
def public():
    return {'message': 'Hello from a public endpoint! You don\'t need to be authenticated to see this.'}

@app.route('/private', methods=['GET', 'POST'])
@requires_auth
def private():
    return {'message': 'Hello from a private endpoint! You need to be authenticated to see this.'}
First create and activate a virtual environment in Python:
$ python3 --version
Python 3.9.10
$ python3 -m venv venv39
$ . venv39/bin/activate
Next, download the sample code:
git clone https://github.com/NucleiAI/chalice-auth0-sample.git
Install dependencies:
cd chalice-auth0-sample
pip install -r requirements.txt
To use Auth0 authentication, you need an Auth0 account. If you don't have an account yet, you can sign up for a free Auth0 account here.
After signing up (and signing in):
- Go to the Auth0 Dashboard
- Select the Applications dropdown, and then select APIs
- Click Create API
- Enter a Name for your API, and a unique Identifier for the API.
- Select Create
- Select the Test tab
You can use the bearer token available here for making authenticated requests to the API's private endpoint.
NOTE: You will also need the unique Identifier you created in Step 3 when completing the Chalice Configuration.
Before you can deploy the application, be sure you have AWS credentials configured. If you have previously configured your machine to run boto3 (the AWS SDK for Python) or the AWS CLI then you can skip this section.
If this is your first time configuring credentials for AWS you can follow these steps to quickly get started:
$ mkdir ~/.aws
$ cat >> ~/.aws/config
[default]
aws_access_key_id=YOUR_ACCESS_KEY_HERE
aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
region=YOUR_REGION (such as us-west-2, us-west-1, etc)
If you want more information on all the supported methods for configuring credentials, see the boto3 docs.
Before deploying the app, you will need to update the environment_variables in the .chalice/chalice.json file:
{
  "version": "2.0",
  "app_name": "chalice-auth0-sample",
  "environment_variables": {
    "ALGORITHMS": "RS256",
    "API_AUDIENCE": "https://unique-idenfier-for-the-api",
    "AUTH0_APP_CLIENT_ID": "your-auth0-app-client-id",
    "AUTH0_APP_CLIENT_SECRET": "your-auth0-app-client-secret",
    "AUTH0_DOMAIN": "dev-12345678.us.auth0.com"
  },
  "stages": {
    "dev": {
      "api_gateway_stage": "api"
    }
  }
}
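A pre-deploy check for the environment_variables block above, added here as an example; it is not part of the sample repository. The function name, the algorithm allowlist, the comma/space separator for ALGORITHMS, and the sample values are assumptions made for illustration.

```python
import json
import re

# Placeholder values copied from the sample chalice.json on this page.
PLACEHOLDERS = {
    "API_AUDIENCE": "https://unique-idenfier-for-the-api",
    "AUTH0_APP_CLIENT_ID": "your-auth0-app-client-id",
    "AUTH0_APP_CLIENT_SECRET": "your-auth0-app-client-secret",
    "AUTH0_DOMAIN": "dev-12345678.us.auth0.com",
}
# Assumption: tokens are verified with the tenant's public keys, so only asymmetric algorithms are allowed.
ASYMMETRIC = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512",
              "PS256", "PS384", "PS512"}
HOSTNAME = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)


def check_chalice_env(config_text):
    """Return a list of findings for the environment_variables block."""
    env = json.loads(config_text).get("environment_variables", {})
    findings = []
    for key, placeholder in PLACEHOLDERS.items():
        value = env.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif value == placeholder:
            findings.append(f"{key}: still the sample placeholder")
    # Assumption: several algorithm names would be separated by commas or spaces.
    algs = [a for a in re.split(r"[,\s]+", env.get("ALGORITHMS", "")) if a]
    if not algs:
        findings.append("ALGORITHMS: missing or empty")
    for alg in algs:
        if alg not in ASYMMETRIC:
            findings.append(f"ALGORITHMS: {alg!r} is not in the asymmetric allowlist")
    domain = env.get("AUTH0_DOMAIN", "")
    if domain and not HOSTNAME.match(domain):
        findings.append("AUTH0_DOMAIN: expected a bare hostname, no scheme or path")
    return findings


# Constructed sample inputs (not real tenants or credentials).
GOOD = {"ALGORITHMS": "RS256", "API_AUDIENCE": "https://api.example.com/orders",
        "AUTH0_APP_CLIENT_ID": "abc123", "AUTH0_APP_CLIENT_SECRET": "constructed-value",
        "AUTH0_DOMAIN": "tenant.example.com"}
WEAK = dict(GOOD, ALGORITHMS="RS256,HS256,none", AUTH0_DOMAIN="https://tenant.example.com/",
            API_AUDIENCE=PLACEHOLDERS["API_AUDIENCE"])

if __name__ == "__main__":
    for name, env in (("weak", WEAK), ("corrected", GOOD)):
        print(name, check_chalice_env(json.dumps({"environment_variables": env})))
```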
To deploy the sample app, make sure that you are in the chalice-auth0-sample directory and run chalice deploy:
$ chalice deploy
Creating deployment package.
Creating IAM role: chalicelib-auth0-sample-dev
Creating lambda function: chalicelib-auth0-sample-dev
Creating Rest API
Resources deployed:
- Lambda ARN: arn:aws:lambda:us-west-2:12345:function:chalicelib-auth0-sample-dev
- Rest API URL: https://abcd.execute-api.us-west-2.amazonaws.com/api/
The below examples use the HTTPie CLI to make requests to the deployed API:
$ http GET {your REST API URL} Authorization:"Bearer {your bearer token}"
Alternatively, you can test the API endpoints using curl:
$ curl {your REST API URL} -H "Authorization: Bearer {your bearer token}"
To test the sample app's public endpoint with HTTPie:
$ http GET {your REST API URL}
HTTP/1.1 200 OK
{
    "message": "Hello from a public endpoint! You don't need to be authenticated to see this."
}
To test the sample app's private endpoint with HTTPie:
$ http GET {your REST API URL}/private Authorization:"Bearer {your test Auth0 token}"
HTTP/1.1 200 OK
{
    "message": "Hello from a private endpoint! You need to be authenticated to see this."
}
If you’re done experimenting with the app and you’d like to clean up, you can use the chalice delete command, and Chalice will delete all the resources it created when running the chalice deploy command.
$ chalice delete
Deleting Rest API: abcd4kwyl4
Deleting function aws:arn:lambda:region:123456789:chalice-auth0-sample-dev
Deleting IAM Role chalice-auth0-sample-dev