template.yml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
Github Cognito OpenID Wrapper (SSO)
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
Function:
Runtime: nodejs18.x
Timeout: 15
Environment:
Variables:
GITHUB_CLIENT_ID:
Ref: GitHubClientIdParameter
GITHUB_CLIENT_SECRET:
Ref: GitHubClientSecretParameter
COGNITO_REDIRECT_URI:
Ref: CognitoRedirectUriParameter
GITHUB_API_URL:
Ref: GitHubUrlParameter
GITHUB_LOGIN_URL:
Ref: GitHubLoginUrlParameter
Parameters:
GitHubClientIdParameter:
Type: String
GitHubClientSecretParameter:
Type: String
CognitoRedirectUriParameter:
Type: String
GitHubUrlParameter:
Type: String
Default: "https://api.github.com"
MinLength: 1
GitHubLoginUrlParameter:
Type: String
Default: "https://github.com"
MinLength: 1
StageNameParameter:
Type: String
Resources:
GithubOAuthApi:
Type: AWS::Serverless::Api
Properties:
StageName: !Ref StageNameParameter
OpenApiVersion: "2.0"
OpenIdDiscovery:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: openIdConfiguration.handler
Events:
GetResource:
Type: Api
Properties:
Path: /.well-known/openid-configuration
Method: get
RestApiId: !Ref GithubOAuthApi
Authorize:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: authorize.handler
Events:
GetResource:
Type: Api
Properties:
Path: /authorize
Method: get
RestApiId: !Ref GithubOAuthApi
Token:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: token.handler
Events:
GetResource:
Type: Api
Properties:
Path: /token
Method: get
RestApiId: !Ref GithubOAuthApi
PostResource:
Type: Api
Properties:
Path: /token
Method: post
RestApiId: !Ref GithubOAuthApi
UserInfo:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: userinfo.handler
Events:
GetResource:
Type: Api
Properties:
Path: /userinfo
Method: get
RestApiId: !Ref GithubOAuthApi
PostResource:
Type: Api
Properties:
Path: /userinfo
Method: post
RestApiId: !Ref GithubOAuthApi
Jwks:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./dist-lambda
Handler: jwks.handler
Events:
GetResource:
Type: Api
Properties:
Path: /.well-known/jwks.json
Method: get
RestApiId: !Ref GithubOAuthApi
Outputs:
GitHubShimIssuer:
Description: "GitHub OpenID Shim Issuer"
Value: !Sub "https://${GithubOAuthApi}.execute-api.${AWS::Region}.amazonaws.com/${StageNameParameter}"