Conversation

Owner

@solidados solidados commented Jul 9, 2024

  1. Task link here
  2. Screenshots click here
  3. FE PullRequest link
  4. FE CloudFront
  5. Authorization_token: solidados:TEST_PASSWORD => c29saWRhZG9zOlRFU1RfUEFTU1dPUkQ=

Total Score: 100/100

Evaluation criteria (70 points)

Provide your reviewers with the link to the repo, client application and URLs to execute the /import path of the Import Service

  • authorization-service is added to the repo, has correct basicAuthorizer lambda and correct AWS CDK Stack
  • Import Service AWS CDK Stack has authorizer configuration for the importProductsFile lambda. Request to the importProductsFile lambda should work only with correct authorization_token being decoded and checked by basicAuthorizer lambda. Response should be in 403 HTTP status if access is denied for this user (invalid authorization_token) and in 401 HTTP status if Authorization header is not provided.
  • Client application is updated to send "Authorization: Basic authorization_token" header on import. Client should get authorization_token value from browser localStorage

Additional (optional) tasks (30 points)

NOTE: Recommended for personal growth and further interviews, but this part would not be evaluated on cross-check.

  • +30 - Client application should display alerts for the responses in 401 and 403 HTTP statuses. This behavior should be added to the nodejs-aws-fe-main/src/index.tsx file.
  • Just Practice, No Evaluation - Add Login page and protect getProductsList lambda by the Cognito Authorizer
  • Create Cognito User Pool using a demo from the lecture. Leave email in a list of standard required attributes. Checkbox Allow users to sign themselves up should be checked. Also, set email as an attribute that you want to verify.
  • Add App Client to the User Pool
  • In the App Client Settings section select all Identity Providers. Fill the Callback URL(s) field with your Client Application URL (i.e. http://localhost:3000/). Allow only Authorization code grant OAuth Flow. Allow all OAuth Scopes
  • Create Domain name
  • After all of these manipulations, you can open your Login Page by clicking on the Launch Hosted UI link in the App Client Settings
  • Provide this link to your reviewers. The reviewer can just confirm that everything works for them too.
  • Add Cognito authorizer to the getProductsList lambda. Use Authorization as a Token Source
  • How to make sure that everything works as expected:
  • Open Login Page and Sign Up a new user. Use a real email address to create this user
  • Verify user using code from the email
  • After verification and after every login you will be redirected to the Client application. URL should contain id_token which can be used to access the getProductsList lambda
  • Call getProductsList lambda using id_token as a value for the Authorization header
  • Remove authorization from the getProductsList after your task has been checked

Screenshots
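The 401/403 behaviour described in the evaluation criteria, as an added example of a Lambda TOKEN authorizer in TypeScript (not the authorization-service code from this repository). It assumes a REST API Gateway Lambda authorizer: throwing an error whose message is exactly "Unauthorized" makes API Gateway answer 401, and a Deny policy makes it answer 403. The `CRED_<login>=<password>` environment-variable convention and the `authorize` helper are assumptions for this example; the sample token is the one from the description above.

```typescript
import { timingSafeEqual } from "node:crypto";

// Minimal shapes of the API Gateway TOKEN authorizer event and result (assumed subset of @types/aws-lambda).
interface TokenAuthorizerEvent { type: "TOKEN"; authorizationToken?: string; methodArn: string }
interface Statement { Action: "execute-api:Invoke"; Effect: "Allow" | "Deny"; Resource: string }
interface AuthorizerResult { principalId: string; policyDocument: { Version: "2012-10-17"; Statement: Statement[] } }

// Constant-time comparison so response timing does not reveal how much of a password matched.
function safeEqual(a: string, b: string): boolean {
  const ab = Buffer.from(a, "utf8");
  const bb = Buffer.from(b, "utf8");
  return ab.length === bb.length && timingSafeEqual(ab, bb);
}

function policy(principalId: string, effect: "Allow" | "Deny", resource: string): AuthorizerResult {
  return {
    principalId,
    policyDocument: { Version: "2012-10-17", Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }] },
  };
}

// credentials: login -> password. A Map (not a plain object) so lookups such as "constructor" cannot hit prototype members.
function authorize(event: TokenAuthorizerEvent, credentials: Map<string, string>): AuthorizerResult {
  // Missing header or a non-Basic scheme: throwing "Unauthorized" is what API Gateway maps to HTTP 401.
  const [scheme, token] = (event.authorizationToken ?? "").trim().split(/\s+/);
  if (scheme !== "Basic" || !token) throw new Error("Unauthorized");

  // Decode "login:password"; split on the first ':' only, since a password may itself contain ':'.
  const decoded = Buffer.from(token, "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  const login = sep < 0 ? decoded : decoded.slice(0, sep);
  const password = sep < 0 ? "" : decoded.slice(sep + 1);

  // Unknown login or wrong password: a Deny policy is what API Gateway maps to HTTP 403.
  const expected = credentials.get(login);
  const granted = expected !== undefined && safeEqual(password, expected);
  return policy(login || "anonymous", granted ? "Allow" : "Deny", event.methodArn);
}

// Lambda entry point. Credentials are read from the function environment (CRED_<login>=<password>, an
// assumed convention) so no password is hard-coded in the deployed artifact.
const handler = async (event: TokenAuthorizerEvent): Promise<AuthorizerResult> => {
  const credentials = new Map<string, string>();
  for (const [key, value] of Object.entries(process.env)) {
    if (key.startsWith("CRED_") && value) credentials.set(key.slice("CRED_".length), value);
  }
  return authorize(event, credentials);
};
```

Note that the authorizer returns Deny for a wrong password rather than throwing, so the client sees 403 only for bad credentials and 401 only for a missing or malformed header, as the criteria require.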

@solidados solidados changed the base branch from main to develop July 16, 2024 13:19