8. API processing flow
[Diagram] Unauthenticated: Mobile apps, API Gateway, AWS Lambda lambdaHandler (Register, Login)
[Diagram] Authenticated: Mobile apps, API Gateway, AWS Lambda lambdaHandler (ListPosts, GetPosts, GetComments). Invoke with caller credentials; authorized by IAM.
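22. The API definition
/register
• POST
• Accepts the user's username and password
• Encrypts the password and creates the user profile in DynamoDB
• Generates a JWT-based key
• Returns the user and the key
/login
• POST
• Accepts the user's username and password
• Verifies the login by comparing against DynamoDB
• On success, uses JWT to encrypt and generate a token
• Returns the JWT token issued after the successful login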
23. Custom authentication - Lambda
[Diagram] Client, API Gateway, Lambda Auth function, AWS KMS, JWT Provider. The client sends an OAuth token; the policy is evaluated; the policy is cached; an unauthorized request gets 403. Backends: AWS Lambda functions, endpoints on Amazon EC2, any other publicly accessible endpoint.
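The custom-authentication flow above, as an added example that is not code from the original slides: a Lambda auth function checks the JWT issued by /login and returns an IAM policy that API Gateway evaluates. The HS256 algorithm, the names SECRET, sign_jwt, verify_jwt and lambda_handler, and the sub/exp claims are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: HS256 signing key. Constructed value; a deployment would load it
# from a secret store (the diagram shows AWS KMS) instead of hard-coding it.
SECRET = b"constructed-demo-key"

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_jwt(claims, key=SECRET):
    """Issue an HS256 token, as /login would after verifying the password."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify_jwt(token, key=SECRET, now=None):
    """Return the claims if alg, signature and exp are all valid, else None."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token header choose it.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
            return None
        return claims
    except (ValueError, AttributeError, TypeError):
        return None

def _policy(principal, effect, resource):
    return {"principalId": principal, "policyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Action": "execute-api:Invoke",
                       "Effect": effect, "Resource": resource}]}}

def lambda_handler(event, context):
    """TOKEN authorizer: Allow on a valid JWT; a Deny policy yields the 403."""
    token = (event.get("authorizationToken") or "").split(" ")[-1]
    claims = verify_jwt(token)
    if claims is None or "sub" not in claims:
        return _policy("anonymous", "Deny", event["methodArn"])
    return _policy(str(claims["sub"]), "Allow", event["methodArn"])
```

Because API Gateway caches the returned policy per token, a policy scoped to a single methodArn is reused for that token's later calls to other methods, so the Resource should cover every method the caller may invoke.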
24. IAM Policy is the permissions tool for all AWS services
[Diagram] Mobile apps, API Gateway, AWS Lambda lambdaHandler, DynamoDB. Invoke with caller credentials; service calls are authorized using the IAM role.
More information: http://amzn.to/1YkxcjR