Is it possible to use AWS API without Authentication Token - api

I try to use AWS lambda. I don't want to use any authentication - it is a simple test function. I receive
{
"message": "Missing Authentication Token"
}
Is it possible to use AWS API without Authentication Token?
Thanks in advance.

Yes, it's possible. You can configure if you want to use Authorization, Request Validator or API key for each resource you created.
Also make sure you invoke the right URL and path of your API, because I had the same issue when I tried to trigger an undeclared path.

Yes, you can create it without Authentication. It means it will default execution role. I have a video blog on the same, which creates and run API without any authentication token. Please see the same below,
https://youtu.be/0HwO14p9cjk
Always remember to deploy API after any change :)

Related

Schedule a Google Cloud Function with both custom header and OIDC token

I have deployed a Google Cloud Function which requires authentication to be executed.
Then, I've scheduled this function using Google Cloud Scheduler, and setting authentication through OIDC token, which basically is an authentication header in the HTTP POST scheduled.
Now, I would like to provide some custom parameter to the Cloud Function as well, using the proper header in Cloud Scheduler, but seems not to work.
I'm afraid that is caused by what stated here, that is, authentication headers are overwritten.
Anyone faced the same issue?
How could be solved?
Thanks
You can use the Headers in Cloud Scheduler to add the headers that you want, except the Authorization header that is set automatically when you activate the OIDC auth.
You can also put some parameter in the body if you want, all depends where you would like to read the data (header or body.)
EDIT 1
I have a Cloud Run "logger" to simply logs the headers/body of requests. And it worked during my tests I have 2 custom headers + the authorization header automatically set. Have a look:

How to integrate the AWS Cognito built-in UI?

I've been experimenting with Cognito for a few days, and I am now testing the Built-in signing UIs. I have managed to get it working, I am able to see the login page and successfully login with a User I have created. For my callback URL I'm using localhost:3000 as a testing ground, where I'm running a React SPA.
However, I am at a complete loss about what to do once I'm redirected. The documentation says I should get a URL with a JWT as a query parameter. Instead, I'm getting a URL of the form:
localhost:3000/?code=########-####-####-####-############
where # is an alphanumeric character. I don't recognize this code, I don't think it is a JWT. I would highly appreciated it anyone could:
explain what it is
direct me to any kind of documentation on how to use it?
After redirection, You are getting localhost:3000/?code=########-####-####-####-############
This means you have enabled code grant flow
This code is used to get the tokens from Amazon Cognito.
Request Type: POST
URL: https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token
PayLoad:
grant_type=authorization_code&
client_id=<CLIENT_ID>&
code=<AUTHORIZATION_CODE>&
redirect_uri=com.myclientapp://myclient/redirect
Here you can see we are passing code in the payload with redirect url.
The response of this POST request will be your tokens ( If Successful authentication :) )
Sample Response:
{
"access_token":"eyJz9sdfsdfsdfsd",
"refresh_token":"dn43ud8uj32nk2je",
"id_token":"dmcxd329ujdmkemkd349r",
"token_type":"Bearer",
"expires_in":3600
}
You can save this token in your localstorage or sessionstorage for further custom authentication.
Please refer all the available endpoints of amazon cognito for more details.
Ex:
Authorization Endpoint
Token Endpoint
I hope now it makes clear to you!

AWS API Gateway : route error

I created my API in EC2 instance of AWS. when I'm deploying my API in to AWS Api gateway. API Gateway provided me with a link. When I used that same link in postman to access my API, I'm getting the following error, despite providing IAM credentials.
The Error I'm facing is
{
"message": "No method found matching route / for http method GET."
}
I had the same problem and solved it. The problem is in the Invoke URL you're using. To fix this, please correct path: check the Deployment API link + double check what method you want to call.
You may need to add some more path variables after "/". E.g., "test", whatever, so path finishes with method you'd like to invoke.
I created test project for you, please see screenshot with example. So, in order for script to execute math operation, e.g. "add", you add "/math/add", not default invoke URL:
Good luck!
Check the "Auth" section of your method request in the API gateway.
I had the same response until I set Auth to "AWS_IAM"

Social tables authorization and authentication flow

As per the documents received writing down the flow of authorization for version 4.0:
1. call authorize service to get the authorization code back.
2. read the 'code' value for the authorization_code.
3. use this authorization_code to get 'access_token' using '4.0/oauth/token'.
4. for the subsequent calls use 'access_token'.
Please confirm if my understanding above is correct.
My question:
- What will happen when access_token expires? Do we need to go to above flow again?
- the URLs are https does it need certificates?
- what will be the redirect_uri if i want to test in my dev?
I suggest reading a bit about OAuth 2.0 flow. Here's a decent article/example that I would start with from Digital Ocean: https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
But to answer your specific questions:
when the access_token expires you need to make an additional request to Social Tables with the refresh_token -- here's an example: click here. In short, yes you need to use the refresh token to get a new access token which you'll use for subsequent requests
No, you do not need to configure any certificates on your end. These are done via SSL+HTTPS and are ready to go.
The redirect_url for local development can be set to your local running server. You can set it to http://localhost:<port> and that will work just fine.

Gmail API- Metadata scope does not support 'q' parameter

I'm trying to use Gmail API for my web app. What I want is get messages which has attachment file and I'm following this tutoral.
The problem is when I use 'q' parameter, it return the error: Metadata scope does not support 'q' parameter
My request URL
Note: My authorize scopes are:
https://mail.google.com/
https://www.googleapis.com/auth/gmail.modify
https://www.googleapis.com/auth/gmail.readonly
The error message occurs when https://www.googleapis.com/auth/gmail.metadata is included in the scopes. But in your scopes, it is not used. So please confirm the following points again.
If the refresh token is retrieved in your script, please remove it and authorize again using the scopes without https://www.googleapis.com/auth/gmail.metadata.
If you use Google APIs Explorer, please remove Google APIs Explorer at https://myaccount.google.com/permissions.
Please login and remove it.
After you did above, please use the API of endpoint by authorizing using the scopes without https://www.googleapis.com/auth/gmail.metadata.
If this was not useful for you, I'm sorry.