Sign upLogin

TimothyJones/github-openid-wrapper

View on GitHub
Star
template.yml

Summary

Maintainability
Test Coverage
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
    Github Cognito OpenID Wrapper (SSO)

# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Runtime: nodejs18.x
    Timeout: 15
    Environment:
      Variables:
        GITHUB_CLIENT_ID:
          Ref: GitHubClientIdParameter
        GITHUB_CLIENT_SECRET:
          Ref: GitHubClientSecretParameter
        COGNITO_REDIRECT_URI:
          Ref: CognitoRedirectUriParameter
        GITHUB_API_URL:
          Ref: GitHubUrlParameter
        GITHUB_LOGIN_URL:
          Ref: GitHubLoginUrlParameter

Parameters:
  GitHubClientIdParameter:
    Type: String
  GitHubClientSecretParameter:
    Type: String
  CognitoRedirectUriParameter:
    Type: String
  GitHubUrlParameter:
    Type: String
    Default: "https://api.github.com"
    MinLength: 1
  GitHubLoginUrlParameter:
    Type: String
    Default: "https://github.com"
    MinLength: 1
  StageNameParameter:
    Type: String

Resources:
  GithubOAuthApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: !Ref StageNameParameter
      OpenApiVersion: "2.0"
  OpenIdDiscovery:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./dist-lambda
      Handler: openIdConfiguration.handler
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /.well-known/openid-configuration
            Method: get
            RestApiId: !Ref GithubOAuthApi
  Authorize:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./dist-lambda
      Handler: authorize.handler
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /authorize
            Method: get
            RestApiId: !Ref GithubOAuthApi
  Token:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./dist-lambda
      Handler: token.handler
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /token
            Method: get
            RestApiId: !Ref GithubOAuthApi
        PostResource:
          Type: Api
          Properties:
            Path: /token
            Method: post
            RestApiId: !Ref GithubOAuthApi
  UserInfo:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./dist-lambda
      Handler: userinfo.handler
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /userinfo
            Method: get
            RestApiId: !Ref GithubOAuthApi
        PostResource:
          Type: Api
          Properties:
            Path: /userinfo
            Method: post
            RestApiId: !Ref GithubOAuthApi
  Jwks:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./dist-lambda
      Handler: jwks.handler
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /.well-known/jwks.json
            Method: get
            RestApiId: !Ref GithubOAuthApi

Outputs:
    GitHubShimIssuer:
      Description: "GitHub OpenID Shim Issuer"
      Value: !Sub "https://${GithubOAuthApi}.execute-api.${AWS::Region}.amazonaws.com/${StageNameParameter}"