Challenge Overview

In this challenge series we will design the architecture and implement a POC serverless SPA using various AWS services.
Our client currently has an Angular 2+ single-page app hosted on an EC2 instance, with Apache serving it. This infrastructure uses a firewall for DDoS, XSS, basic SQL, and other protection. It employs Apache Webgate to check for authentication tokens and redirect to Oracle Access Manager (OAM) for SSO/login if the token is not found. Our goal in this challenge series is to define and implement a POC architecture within the AWS ecosystem to replace the current EC2 setup with a serverless infrastructure.

In this challenge we want to deploy a sample Angular app to CloudFront and implement SSO login using Lambda@Edge and Auth0. The goal is to make the app unaware of the authentication flow (similar to the SSO flow in many enterprise intranet apps).
When index.html is requested from CloudFront, the Lambda function should check that the request carries the SSO cookie and that the cookie is valid. If not, it should redirect to the Auth0 SSO page and, on the Auth0 success callback, set the cookie value to the access_token value from Auth0 and serve index.html. All requests for other static files (JS, CSS) should fail immediately with 403 if the request is unauthorized (no SSO cookie). Note that the Auth0 SSO page is hosted outside the Angular app.
Since access tokens expire, the app will start getting 403 errors after the expiration time, and we can't just ignore those. The app should be updated to detect those cases and reload the page to get a new token (go through the SSO flow again).
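
The viewer-request decision described above, as an added example that is not part of the challenge materials. The cookie name `sso_token`, the tenant, client ID and callback URL are placeholders, and the token is assumed to be an HS256-signed JWT checked against a shared secret; the Auth0 callback that sets the cookie is not shown.

```javascript
const crypto = require('crypto');

// Assumptions (not from the challenge text): cookie name, tenant, client id,
// callback URL, and HS256-signed JWT access tokens with a shared secret.
const CFG = {
  cookie: 'sso_token',
  secret: 'constructed-demo-secret', // placeholder; load from secure config
  authorize: 'https://example-tenant.auth0.com/authorize',
  clientId: 'EXAMPLE_CLIENT_ID',
  callback: 'https://app.example.com/callback',
};

// True only if the algorithm is the pinned one, the signature matches
// and the token has not expired.
function isValidToken(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return false;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    if (header.alg !== 'HS256') return false; // rejects "none" and alg swaps
    const expected = crypto.createHmac('sha256', CFG.secret)
      .update(`${parts[0]}.${parts[1]}`).digest();
    const given = Buffer.from(parts[2], 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > nowSec;
  } catch (err) { return false; } // malformed base64 or JSON
}

// CloudFront passes headers as { name: [{ key, value }] } with lowercase names.
function readCookie(headers, name) {
  const pairs = (headers.cookie || []).flatMap((h) => h.value.split(';'));
  const hit = pairs.map((p) => p.trim()).find((p) => p.startsWith(`${name}=`));
  return hit ? hit.slice(name.length + 1) : null;
}

// Pass through, redirect to SSO (index.html only), or fail with 403.
function decide(request) {
  if (isValidToken(readCookie(request.headers, CFG.cookie))) return request;
  if (request.uri !== '/' && request.uri !== '/index.html') {
    return { status: '403', statusDescription: 'Forbidden', body: 'Forbidden' };
  }
  const q = new URLSearchParams({ response_type: 'code', client_id: CFG.clientId, redirect_uri: CFG.callback });
  const location = [{ key: 'Location', value: `${CFG.authorize}?${q}` }];
  return { status: '302', statusDescription: 'Found', headers: { location } };
}

exports.handler = async (event) => decide(event.Records[0].cf.request);
```

An expired or tampered cookie on a static file yields the same 403 as a missing one, which is the signal the app uses to reload and re-enter the SSO flow.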

A sample POC app is attached in the forums. It uses the Auth0 Lock widget for authentication; the widget should be removed completely (so that we use the SSO flow), and the app should read the token from the cookie instead.

 

Final Submission Guidelines

Submit the updated POC app
Submit the Lambda function
Submit a README explaining how to deploy the app to CloudFront and how to configure the Lambda function and Auth0.
Submit a short demo video (unlisted YouTube link)

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30063504