Serverless Authentication System with AWS & JWT

Wiran Larbi / April 12, 2024

This project implements a serverless authentication system on AWS (API Gateway, Lambda, and DynamoDB) that issues signed JSON Web Tokens (JWTs) as the session credential, so the backend keeps no server-side session state and scales with demand.

Architecture Overview

Architecture Diagram

The system is built around two primary workflows:

User Authentication Flow

  • The client application initiates the authentication process
  • The system checks whether the user is already registered
  • New users follow the registration path
  • Existing users proceed to login
  • Login credentials are verified against the user record stored in DynamoDB
  • A JWT is issued for each successful authentication and presented by the client on subsequent requests

API Management Flow

  • Client applications reach the backend only through API Gateway, the single entry point
  • API Gateway routes requests and enforces authorization before they reach the backend
  • Lambda functions (written in Go) handle the business logic
  • DynamoDB provides scalable NoSQL storage for user data

Key Features

  • Serverless Architecture: No servers to manage; compute runs on AWS Lambda and the rest on managed services
  • Secure Authentication: Issues signed JWTs (RFC 7519) for authenticated sessions
  • Scalable Design: Leverages AWS auto-scaling to absorb variable load
  • Cost-Effective: Pay-only-for-usage pricing model
  • Go Implementation: Backend services written in Go
  • API-Driven Design: RESTful endpoints for all authentication operations

Technology Stack

The system comprises the following core components:

  • AWS Lambda: Serverless compute for the authentication logic
  • Amazon API Gateway: API management, routing, and request authorization
  • Amazon DynamoDB: NoSQL database for user credentials and application data
  • JWT (JSON Web Tokens, RFC 7519): Signed, self-contained authentication tokens
  • Go (Golang): Backend programming language
  • AWS IAM: Identity and Access Management, scoping what each Lambda function is permitted to call

Implementation Details

The authentication flow works as follows:

  1. Registration Process:
    • New users submit registration details through the client application
    • API Gateway routes the request to the registration Lambda function
    • The Lambda validates the input and stores the user record in DynamoDB
    • A success or failure response is returned to the user
  2. Login Process:
    • Users submit their credentials through the client application
    • API Gateway routes the request to the authentication Lambda
    • The Lambda verifies the credentials against the record in DynamoDB
    • On success, a JWT is generated and returned
    • On failure, an error message is returned
  3. Protected API Access:
    • The client includes the JWT in the Authorization header
    • API Gateway validates the token (through an authorizer) before forwarding the request to the backend
    • Valid tokens allow access to protected resources
    • Invalid or expired tokens return an authorization error
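The three steps above, and the authentication flow in the Architecture Overview, as one added Go example. This is not the project's code: it stands in an in-memory map for the DynamoDB user table, a literal HMAC key for whatever secret the deployed Lambdas load at cold start, and a stdlib PBKDF2 for the password hash (the page does not say how passwords are stored; bcrypt or argon2 from x/crypto would be the production choice). The function names Register, Login, mintJWT and VerifyJWT, the HS256 algorithm, the 15-minute lifetime and the "Bearer" scheme are all assumptions; the page names none of them.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Assumed stand-ins, not the project's code: an in-memory map for the DynamoDB user table,
// and a literal HMAC key where a deployment would load a secret at cold start.
var users = map[string]userRecord{}
var signingKey = []byte("replace-with-a-random-32-byte-secret-from-secrets-manager")
var enc = base64.RawURLEncoding // JWT segments are base64url without padding

type userRecord struct{ Salt, Hash []byte }

// PBKDF2-HMAC-SHA256 (RFC 8018), one 32-byte block, stdlib only; use bcrypt/scrypt/argon2
// from x/crypto in production. The plaintext password is never stored.
func pbkdf2HMACSHA256(password, salt []byte) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < 100_000; i++ { // iteration count; raise as hardware allows
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// Register is the registration Lambda's core: validate, reject duplicates, store salt+hash.
func Register(username, password string) error {
	if _, exists := users[username]; exists || username == "" || len(password) < 8 {
		return errors.New("invalid or duplicate registration")
	}
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	users[username] = userRecord{Salt: salt, Hash: pbkdf2HMACSHA256([]byte(password), salt)}
	return nil
}

// Login is the login Lambda's core: constant-time password check, then a short-lived JWT.
func Login(username, password string, now time.Time) (string, error) {
	rec, ok := users[username] // unknown user: zero record, still hashed so timing is equal
	hash := pbkdf2HMACSHA256([]byte(password), rec.Salt)
	if !ok || !hmac.Equal(hash, rec.Hash) {
		return "", errors.New("invalid credentials") // one message for both failure modes
	}
	return mintJWT(username, now), nil
}

type claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

func sign(input string) []byte {
	mac := hmac.New(sha256.New, signingKey)
	mac.Write([]byte(input))
	return mac.Sum(nil)
}

func mintJWT(sub string, now time.Time) string {
	body, _ := json.Marshal(claims{Sub: sub, Exp: now.Add(15 * time.Minute).Unix()})
	input := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(body)
	return input + "." + enc.EncodeToString(sign(input))
}

// VerifyJWT is the authorizer check on the Authorization header: pin the algorithm,
// verify the signature before trusting any claim, then enforce expiry.
func VerifyJWT(authHeader string, now time.Time) (string, error) {
	parts := strings.Split(strings.TrimPrefix(authHeader, "Bearer "), ".")
	if !strings.HasPrefix(authHeader, "Bearer ") || len(parts) != 3 {
		return "", errors.New("missing or malformed bearer token")
	}
	hdr, errH := enc.DecodeString(parts[0])
	sig, errS := enc.DecodeString(parts[2])
	var h struct{ Alg string `json:"alg"` }
	if errH != nil || errS != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "HS256" {
		return "", errors.New("unsupported alg") // rejects alg:none and key-confusion tokens
	}
	if !hmac.Equal(sig, sign(parts[0]+"."+parts[1])) {
		return "", errors.New("bad signature")
	}
	var c claims
	if payload, err := enc.DecodeString(parts[1]); err != nil || json.Unmarshal(payload, &c) != nil {
		return "", errors.New("malformed payload")
	}
	if now.Unix() >= c.Exp { // a missing exp (0) is treated as expired
		return "", errors.New("token expired")
	}
	return c.Sub, nil
}

func main() {
	fmt.Println(Register("alice", "correct horse battery"))
	tok, err := Login("alice", "correct horse battery", time.Now())
	fmt.Println(err, tok)
	fmt.Println(VerifyJWT("Bearer "+tok, time.Now()))
	fmt.Println(VerifyJWT("Bearer "+tok, time.Now().Add(time.Hour)))
}
```

VerifyJWT is the logic a Lambda authorizer in front of the protected routes would run; the three checks are deliberately ordered so that the algorithm is pinned from the verifier's side (never read from the token), the signature is checked before any claim is parsed, and expiry is enforced last. Login returns the same error for an unknown user and a wrong password, and hashes in both cases, so the response neither reveals which accounts exist nor differs measurably in timing.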

Deployment & Testing

The project uses the AWS CDK to define and deploy the infrastructure; day-to-day operations are wrapped in a Makefile.

Available Deployment & Testing Commands

Available commands:
  make diff         - Show differences between local and deployed stacks
  make deploy       - Deploy CDK stack(s) (runs diff first)
  make destroy      - Destroy CDK stack(s) with confirmation prompt
  make clean        - Remove local CDK-generated files
  make all          - Run diff and deploy
  make help         - Show this help message
  make test-api     - Test deployed apis, and check integrity

To specify a stack, use STACK_NAME=your-stack-name
Example: make deploy STACK_NAME=my-service-stack