
@9bic
Last active February 4, 2022 16:27
Auth0 Custom SMS Gateway for AWS API Gateway

Auth0 Custom SMS Gateway for AWS API Gateway

Auth0 supports passwordless (token-based) authentication, but by default SMS verification works only through Twilio. This solution uses an Auth0 custom connection to make SMS verification possible with AWS SNS and API Gateway.

Deploy

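  1. Create an IAM role named iam-sns-publishable-role and attach the inline policy below. Sending SMS directly to a phone number needs "Resource": "*" because phone numbers have no ARN, but the same statement also allows publishing to every SNS topic in the account; add an explicit Deny for topic ARNs if this role should only send SMS.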

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Action": [
             "sns:Publish"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }
    
  2. Change the trust relationship of iam-sns-publishable-role to the policy below (↓).
    Set the Service property to "apigateway.amazonaws.com" so that API Gateway can assume the role.

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "Principal": {
             "Service": "apigateway.amazonaws.com"
           },
           "Action": "sts:AssumeRole"
         }
        ]
      }
    
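  3. Import swagger.json into API Gateway and replace YOUR_ACCOUNT_ID in swagger.json (l.52). If you renamed iam-sns-publishable-role, change the role name there too. Note that swagger.json as written defines no authorizer or API key for the POST method, so once deployed, anyone who knows the invoke URL can send SMS through your account; restrict access (for example with an authorizer, a resource policy, or API Gateway throttling) before using it beyond a test.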

  4. Deploy the API: Resources -> Actions -> Deploy API, with the parameters below (↓).

    key value
    Deployment Stage [New Stage]
    Stage name latest
  5. Create a custom SMS passwordless connection in Auth0 using the Auth0 API Explorer. The token needs the create:connections scope (update:connections and read:connections are also useful).

  6. Enable the connection in the Auth0 console: Connections -> Passwordless -> SMS -> enable it for your apps (by default, Default App) -> Try Passwordless Auth.

  7. Congratulations!!! 🍻

{
"name": "awssms-connection",
"strategy": "sms",
"options": {
"disable_signup": false,
"provider": "sms_gateway",
"gateway_url": "YOUR_GATEWAY_URL",
"from": "+11111111111",
"syntax": "md_with_macros",
"template": "Your verification code is @@password@@",
"totp": {
"time_step": 300,
"length": 6
},
"brute_force_protection": true
},
"enabled_clients": []
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"sns:Publish"
]
}
]
}
{
"swagger": "2.0",
"info": {
"version": "2017-02-12T03:35:41Z",
"title": "auth0-passwordless-gateway",
"descrtiption" : "Auth0 Passwordless Gateway for AWS API Gateway"
},
"host": "9avwdbdvbk.execute-api.ap-northeast-1.amazonaws.com",
"basePath": "/latest",
"schemes": [
"https"
],
"paths": {
"/": {
"post": {
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"parameters": [
{
"name": "Content-Type",
"in": "header",
"required": false,
"type": "string"
},
{
"in": "body",
"name": "PasswordlessRequest",
"required": true,
"schema": {
"$ref": "#/definitions/PasswordlessRequest"
}
}
],
"responses": {
"200": {
"description": "200 response",
"schema": {
"$ref": "#/definitions/Empty"
},
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
}
}
}
},
"x-amazon-apigateway-integration": {
"credentials": "arn:aws:iam::YOUR_ACCOUNT_ID:role/iam-sns-publishable-role",
"responses": {
"default": {
"statusCode": "200",
"responseParameters": {
"method.response.header.Access-Control-Allow-Origin": "'*'"
}
}
},
"uri": "arn:aws:apigateway:ap-northeast-1:sns:action/Publish",
"requestParameters": {
"integration.request.querystring.PhoneNumber": "method.request.body.recipient",
"integration.request.querystring.Message": "method.request.body.body"
},
"passthroughBehavior": "when_no_match",
"httpMethod": "POST",
"type": "aws"
}
},
"options": {
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"responses": {
"200": {
"description": "200 response",
"schema": {
"$ref": "#/definitions/Empty"
},
"headers": {
"Access-Control-Allow-Origin": {
"type": "string"
},
"Access-Control-Allow-Methods": {
"type": "string"
},
"Access-Control-Allow-Headers": {
"type": "string"
}
}
}
},
"x-amazon-apigateway-integration": {
"responses": {
"default": {
"statusCode": "200",
"responseParameters": {
"method.response.header.Access-Control-Allow-Methods": "'POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
"method.response.header.Access-Control-Allow-Origin": "'*'"
}
}
},
"requestTemplates": {
"application/json": "{\"statusCode\": 200}"
},
"passthroughBehavior": "when_no_match",
"type": "mock"
}
}
}
},
"definitions": {
"Empty": {
"type": "object",
"title": "Empty Schema"
},
"PasswordlessRequest": {
"type": "object",
"properties": {
"sender": {
"type": "string"
},
"recipient": {
"type": "string"
},
"body": {
"type": "string"
}
},
"title": "PasswordlessRequest Schema"
}
}
}