Published a YouTube video
Published a podcast episode
Spoke about AWS
Live Coding

52. Authentication for a CLI app with AWS Cognito - Live coding PART 5

How can you build a WeTransfer or a Dropbox Transfer clone on AWS?

This is our fifth live coding stream. In this episode, we continued adding some security to our application. Specifically, we implemented 75% of the OAuth 2 device flow on top of AWS Cognito to allow our file upload CLI application to get some credentials.
In order to implement this flow, we need to store some secrets. We decided to use DynamoDB and spent a lot of time discussing our data design and how and why we used the famous and controversial DynamoDB single table design principle.

All our code is available in this repository:

🔖  Chapters:

00:00 Intro
03:48 Recap OAuth 2 device flow (RFC8628)
08:21 Coding the device authorization flow (step 1)
28:09 Storing data with the DynamoDB client and introducing the DynamoDB single table design principle
57:37 Deploying, testing (and debugging) the device authorization flow endpoint
01:11:04 Coding the verify flow (step 2)
01:55:30 Deploying and testing (and fixing) the verify flow
02:04:00 Review next steps & wrap up

In this episode we mentioned the following resources:
  - OAuth 2 Device Auth flow RFC8628:
  - The DynamoDB book by Alex DeBrie:
  - LevelDB:
  - OAuth 2 Authorization framework RFC6749:

We set ourselves up for a challenge and in this series of live streams we will try to incrementally build a simple clone of WeTransfer or Dropbox Transfer that would allow us to upload files and share them by URL.

Everything is up for discussion (and your opinion is important!) but right now we are expecting to be using S3, Lambda, API Gateway, Route53, DynamoDB and tons of Node.js!

Come and join us on this fantastic project! 🤩

All the episodes of this series:

- 🗒 Full playlist:
- PART 1: (MVP with Lambda, API Gateway, and S3)
- PART 2: (Custom domain with Route53 and Content-Disposition)
- PART 3: (Observability best practices with Middy and Lambda Power Tools + CLI Application)
- PART 4: (Adding authentication using Cognito and implementing the OAuth 2 device flow)
- PART 5: (OAuth 2 device flow and DynamoDB Single Table Design)
- PART 6: (Completing OAuth 2 device flow and Adding a login command to the CLI application)

#aws #serverless #dynamodb