From cfe8d6b8a3a245179a5df8137e0362d959c35d4c Mon Sep 17 00:00:00 2001
From: Mark Steele
Date: Wed, 18 Apr 2018 11:52:36 -0400
Subject: adding doc
---
 README.md | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 auth.js | 2 +-
 2 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d1e76de
--- /dev/null
+++ b/README.md
@@ -0,0 +1,85 @@
+# netlify-serverless-oauth2-backend
+
+This is an AWS Lambda based service to help perform authentication to Github via an OAuth2 authentication process.
+
+
+## Installation
+
+```
+sudo npm -i serverless -g
+npm i
+```
+
+## Configuration
+
+This code can be run either locally (using the serverless-offline plugin) or deployed in AWS.
+
+### Offline
+
+To run it locally:
+
+```
+sls offline
+```
+
+Before running it, update auth.js to reflect your desired configuration. The settings are defined in the initialization of the Secrets class:
+
+```
+// Change this stuff in auth.js to reflect your own dev testing
+const secrets = new Secrets({
+ GIT_HOSTNAME: 'https://github.com',
+ OAUTH_TOKEN_PATH: '/login/oauth/access_token',
+ OAUTH_AUTHORIZE_PATH: '/login/oauth/authorize',
+ OAUTH_CLIENT_ID: 'foo',
+ OAUTH_CLIENT_SECRET: 'bar',
+ REDIRECT_URL: 'http://localhost:3000/oauth/callback',
+ OAUTH_SCOPES: 'repo,user',
+});
+```
+
+For this to work you'll also need to have your OAuth2 app setup properly in Github (and redirecting to the same callback url).
+
+### AWS Deployment
+
+To deploy the Lambda function, you'll need to update serverless.yml and set your KMS key for the parameter store.
+
+To grab the key id:
+
+```
+aws kms describe-key --key-id alias/aws/ssm --profile --region
+```
+
+ex:
+
+```
+aws kms describe-key --key-id alias/aws/ssm --profile ctrl-alt-del --region us-east-1
+```
+
+If you're unfamiliar with AWS profiles, see this documentation: https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html
+
+Once you've added your key uuid to the serverless.yml configuration (mapping it to the correct region and stage), it's time to deploy the code.
+
+```
+sls deploy -s --aws-profile --region
+```
+
+Ex:
+
+```
+sls deploy -s prod --aws-profile ctrl-alt-del --region us-east-1
+```
+
+Finally, once the code is deployed you need to add some parameters to the AWS parameter store.
+
+Head on over to the AWS console, find the Systems manager, and go to the Parameter store.
+
+In there, you'll want to create the following parameters/values (as SecureStrings):
+
+* /ctrl-alt-del/oauth//GIT_HOSTNAME - The github host to use. Ex: https://github.com
+* /ctrl-alt-del/oauth//OAUTH_TOKEN_PATH - The token api uri path. Most probably this: /login/oauth/access_token
+* /ctrl-alt-del/oauth//OAUTH_AUTHORIZE_PATH - The authorize api uri path. Most probably this: /login/oauth/authorize
+* /ctrl-alt-del/oauth//OAUTH_CLIENT_ID - Your Github OAuth client id
+* /ctrl-alt-del/oauth//OAUTH_CLIENT_SECRET - Your Github OAuth client secret
+* /ctrl-alt-del/oauth//REDIRECT_URL - Your callback URL. It will look something like this: https://RANDOMSTUFF.execute-api.us-east-1.amazonaws.com//callback
+* /ctrl-alt-del/oauth//OAUTH_SCOPES - The scopes to grant. Probably this: repo,user
+
diff --git a/auth.js b/auth.js
index c29823f..3a75ce0 100644
--- a/auth.js
+++ b/auth.js
@@ -8,7 +8,7 @@ const secrets = new Secrets({
 OAUTH_AUTHORIZE_PATH: '/login/oauth/authorize',
 OAUTH_CLIENT_ID: 'foo',
 OAUTH_CLIENT_SECRET: 'bar',
- REDIRECT_URL: 'https://www.control-alt-del.org/oauth/callback',
+ REDIRECT_URL: 'http://localhost:3000/oauth/callback',
 OAUTH_SCOPES: 'repo,user',
 });
 
-- 
cgit v1.2.3
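Review bot: The new `REDIRECT_URL` default in auth.js is a plain-http localhost callback hard-coded next to the `OAUTH_CLIENT_ID`/`OAUTH_CLIENT_SECRET` placeholders, and nothing in the file marks the `new Secrets({...})` initializer as development-only. How `Secrets` treats this object is not visible here (the initializer starts outside the hunk), so if it serves as a fallback when a Parameter Store entry is missing, a deployed stage could silently run with the localhost callback and the `'foo'`/`'bar'` credentials; it is worth confirming that path fails closed. I would add a comment above the initializer such as `// Local development defaults only; deployed stages must read every value from the SSM Parameter Store.` and take the override from the environment, e.g. `REDIRECT_URL: process.env.REDIRECT_URL || 'http://localhost:3000/oauth/callback',`, so developers are not led to edit a real client secret into a tracked file.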