Developed React Front End with Authentication Per User
jcummins54 opened this issue · 5 comments
I've forked the latest version of the master branch as of today (11/02/2016) and integrated with the serverless-react-boilerplate. Features are:
- Writes user data to user table.
- Authenticates per user so that one user cannot modify another's data.
- Authenticates user before responding with auth token to prevent hacking.
Working demo here: http://sls-react-auth.s3-website-us-east-1.amazonaws.com/ (Facebook login only).
See: https://github.com/jcummins54/serverless-react-boilerplate
and https://github.com/jcummins54/serverless-authentication-boilerplate
Would be happy to collaborate to make this a branch here.
Yes, absolutely, I quickly went through the code and these are good changes.
I was thinking to create the users table and then I thought that maybe developers want to choose between different databases, but I guess it is good to create that table, at least as an example.
I've made quite a few changes to localize all environment settings into one file, so different deployments can be easily configured and tested. My latest is this branch: https://github.com/jcummins54/serverless-authentication-boilerplate/tree/react-authenticate
which is set up to work with the front end React client from this branch:
https://github.com/99xt/serverless-react-boilerplate/tree/react-authenticate
Changes include:
- All environment variables set in authentication/env.yml
- Everything pulls its settings from this file including the test suite and the test-token
- Modified specs-docker.sh to remove env variables which are no longer needed there. Also, docker was looking for a .env in the root folder, so it creates a blank one and deletes it just to keep docker happy. All environment variables are loaded from authentication/env.yml
Happy to get your feedback.
@jcummins54 Nice, I'll check this later today, could you open a PR? I took a quick look at the changes and those would be great additions.
Sure, but take a look at line 19 on the authorizeHandler.js
https://github.com/jcummins54/serverless-authentication-boilerplate/blob/react-authenticate/authentication/lib/handlers/authorizeHandler.js
It's set up to parse a method arn structured specifically like this:
arn:aws:execute-api:<regionId>:<accountId>:<apiId>/<stage>/<method>/<resourcePath>/<userId>/<function>
I was thinking it would be a good idea to templatize this somehow so it can be configured in the env.yml instead of editing the code.
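One way the ARN layout in the comment above could be driven by a template string rather than hard-coded parsing, shown as an added example that is not code from either repository. The function names, the template constant and the sample ARN are assumptions constructed for illustration; the decision fails closed when the ARN does not fit the layout or the `<userId>` segment differs from the authenticated principal.

```javascript
'use strict';

// Assumed template string, e.g. a value loaded from env.yml (name is hypothetical).
const METHOD_ARN_TEMPLATE =
  'arn:aws:execute-api:<regionId>:<accountId>:<apiId>/<stage>/<method>/<resourcePath>/<userId>/<function>';

// Turn the template into an anchored regex: literal text is escaped and each
// <name> becomes a named group that cannot span a ':' or '/' separator.
function compileArnTemplate(template) {
  const escaped = template.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const pattern = escaped.replace(/<(\w+)>/g, (_, name) => `(?<${name}>[^/:]+)`);
  return new RegExp(`^${pattern}$`);
}

// Returns the named fields, or null when the ARN does not fit the layout
// (wrong service, missing segment, extra segment, non-string input).
function parseMethodArn(methodArn, template = METHOD_ARN_TEMPLATE) {
  if (typeof methodArn !== 'string') return null;
  const match = compileArnTemplate(template).exec(methodArn);
  return match ? { ...match.groups } : null;
}

// Fail closed: only an exact match between the <userId> segment and the
// principal taken from the verified token yields 'Allow'.
function decideEffect(methodArn, principalId, template = METHOD_ARN_TEMPLATE) {
  const fields = parseMethodArn(methodArn, template);
  if (!fields || !principalId) return 'Deny';
  return fields.userId === principalId ? 'Allow' : 'Deny';
}

// Constructed sample values, not taken from a real deployment.
const sampleArn =
  'arn:aws:execute-api:us-east-1:123456789012:abc123/dev/GET/users/user-42/profile';
console.log(decideEffect(sampleArn, 'user-42'));
console.log(decideEffect(sampleArn, 'user-43'));
```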
Is there any plan to collapse these two repositories into a single code base? Even without the react part but just the other enhancements.
The other thing I'm wondering, my use case is a bit different, I don't want to authenticate users to access API endpoints but I want to do the authentication to fetch the access_token to access the APIs. As an example, getting the access_token from the Google authentication so I can access the Google APIs.
Thanks!