AWS API Gateway and Hydra


#1

Hey guys. I want to use Ory Hydra for an OpenID Connect based service. I will also write my own authentication stack. My question is related to the {client-id, client-secret} aspect. Instead of this being verified by Hydra itself running on a host / EC2 instance, is it possible to get AWS API Gateway to authenticate clients that want to make use of this service? The rationale is that AWS API Gateway is more of a perimeter service, external to my EC2 instances, and it's hardened by Amazon itself re: API services (i.e. potentially more secure).

To clarify, end-users themselves will be authenticated by my authentication stack, but I am asking about the client authentication in the OpenID Connect flow, where the client's backend server calls the Ory Hydra service. It would be nice if the authentication for this flow could be done via AWS API Gateway, skipping the {client-secret} verification by Hydra. Here, once AWS API Gateway authenticates the client, it would tell Hydra which client is making the API call. What are your thoughts / suggestions? Thanks.


#2

Hey Phoenix,
Maybe this post could help you:
https://blogs.edwardwilde.com/2017/01/12/creating-an-oauth2-custom-lamda-authorizer-for-use-with-amazons-aws-api-gateway-using-hydra/
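As an added example (not from either post in this thread, and not from the linked article or the Ory Hydra project), the following shows the gateway side of the design discussed above: a TOKEN-type Lambda authorizer that verifies OAuth2 client credentials sent as HTTP Basic auth, and, on success, hands the verified client_id to the backend integration through the authorizer context. The client registry, salt and secrets are constructed for the demonstration. Whether Hydra can be configured to trust a gateway-supplied client identity in place of its own client_secret check is not something this thread establishes; the example only shows how the identity would be established and forwarded at the edge, and assumes the backend is reachable solely through the gateway (otherwise a caller could set the same header directly and bypass the check).

```python
"""Constructed example: a TOKEN-type API Gateway Lambda authorizer that
authenticates OAuth2 clients by client_id / client_secret and forwards the
verified client_id to the backend via the authorizer context.
This is illustrative code, not part of Ory Hydra or the linked article."""
import base64
import binascii
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed demo values: in a real deployment the salt and the client
# registry would come from a secrets manager, never from source code.
_SALT = b"constructed-demo-salt"


def _hash_secret(secret: str, salt: bytes = _SALT) -> bytes:
    """Derive a fixed-length digest so secrets are never stored in plaintext."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)


# client_id -> hashed client_secret (constructed registry)
CLIENTS: Dict[str, bytes] = {
    "demo-client": _hash_secret("demo-secret"),
}
# Digest compared against when the client_id is unknown, so that lookups of
# unknown and known ids take the same amount of time.
_DUMMY_DIGEST = _hash_secret("")


def basic_header(client_id: str, client_secret: str) -> str:
    """Build the 'Authorization' value a client would send (used for demo input)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Parse 'Basic base64(client_id:client_secret)'. Any malformed input -> None."""
    if not header:
        return None
    scheme, _, payload = header.strip().partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    client_id, sep, client_secret = decoded.partition(":")
    if not sep or not client_id:
        return None
    return client_id, client_secret


def verify_client(client_id: str, client_secret: str) -> bool:
    """Constant-time check of the presented secret against the stored digest."""
    candidate = _hash_secret(client_secret)
    expected = CLIENTS.get(client_id)
    if expected is None:
        hmac.compare_digest(candidate, _DUMMY_DIGEST)  # same work for unknown ids
        return False
    return hmac.compare_digest(candidate, expected)


def build_policy(principal: str, effect: str, method_arn: str, client_id: str = "") -> dict:
    """Shape API Gateway expects from a Lambda authorizer."""
    policy = {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
            ],
        },
    }
    if effect == "Allow":
        # Reaches the integration as $context.authorizer.clientId, so the
        # backend learns which client was authenticated without seeing the secret.
        policy["context"] = {"clientId": client_id}
    return policy


def lambda_handler(event: dict, context=None) -> dict:
    """Entry point for a TOKEN authorizer: event carries the Authorization header
    in 'authorizationToken' and the invoked method in 'methodArn'."""
    method_arn = event.get("methodArn", "*")
    creds = parse_basic_auth(event.get("authorizationToken"))
    if creds is None:
        return build_policy("anonymous", "Deny", method_arn)
    client_id, client_secret = creds
    if not verify_client(client_id, client_secret):
        return build_policy("anonymous", "Deny", method_arn)
    return build_policy(client_id, "Allow", method_arn, client_id)


if __name__ == "__main__":
    arn = "arn:aws:execute-api:us-east-1:000000000000:demo/prod/POST/oauth2/token"
    print(lambda_handler({"authorizationToken": basic_header("demo-client", "demo-secret"),
                          "methodArn": arn}))
```

The authorizer returns Deny rather than raising for bad input so API Gateway answers 403 instead of 500, and the secret itself never reaches the integration, only the verified client_id does.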