[keycloak-user] Using Keycloak to secure AWS API Gateway Lambda endpoints

youcef belattaf youcef.belattaf at gmail.com
Wed Dec 5 06:10:11 EST 2018


Hello everyone,

We'd like to use Keycloak in our new API managed by AWS Lambda / API
Gateway. Unfortunatly, we didn't find an adapter for AWS API Gateway /
Lambda. So we decided to write an adapter that consists of 2 lambdas :

1/ A Lambda that validates the JWT, and in case of a new public key,
requests the Keycloak to get  the new public key. This lambda is used as an
Authorizer.
2/ A Lambda that deals with revocations. It exposes an endpoint
(k_push_not_before) in order to receive Admin Not Before Policy Pushes.

What do you think of this solution, your feedback and experiences on
Keyckoak and AWS Gateway / Lambda are welcome.

Regards,
Youcef


More information about the keycloak-user mailing list