A naukri.com initiative
Amazon
3w
401
Image Credit: Amazon
Secure your Express application APIs in minutes with Amazon Verified Permissions
- Amazon Verified Permissions has released @verifiedpermissions/authorization-clients-js, an open source package for implementing external fine-grained authorization for Express.js web application APIs swiftly using Verified Permissions.
- Developers can save time and effort by using this package to reduce custom integration code up to 90%, enhancing application security.
- Externalizing authorization helps simplify audits, maintainable code, and security model evolution by decoupling authorization logic.
- One method is using Cedar, an open-source SDK for creating and enforcing authorization policies, as described with a Pet Store example.
- Verified Permissions offers a managed service for Cedar, simplifying policy governance, scalability, and auditing.
- The article details steps for implementing authorization in Express with Verified Permissions, including creating policies, connecting to an OIDC provider, and authorizing API access.
- The integration architecture involves using AWS CLI, setting up identity providers, creating policies, and calling Verified Permissions for authorization.
- Developers can test the application to verify access control rules based on user groups and ensure proper authorization functioning.
- The @verifiedpermissions/authorization-clients-js package facilitates Express developers in securely integrating with Verified Permissions, leading to simplified audits and enhanced productivity.
- The Cedar Analysis CLI tool aids in analyzing and verifying authorization policies, offering further insight for developers.
- The packages are open source under the Apache 2.0 license on GitHub and NPM, providing resources for developers to improve security and permissions management.
Read Full Article
24 Likes
For uninterrupted reading, download the app