The `getApiTokenEncrypted` SDK simplifies the process of managing access tokens for the Metadata Bank API. This SDK is designed to be used within an AWS Lambda function and handles the encryption and storage of tokens in AWS DynamoDB, as well as fetching secrets from AWS Secrets Manager.
- Node.js installed.
- AWS account with proper permissions to create and manage Lambda functions, Secrets Manager, and DynamoDB.
- AWS Lambda function must have the proper IAM roles and permissions to `get` and `put` items in DynamoDB, and to access secrets in Secrets Manager.
- Valid credentials such as `consumerKey` and `consumerSecret` stored in AWS Secrets Manager.
- Environment variables set for:
  - `RETRIES`: The default number of retries.
  - `INTERVAL`: The default retry interval.
  - `SECRET_NAME`: The name of the secret in AWS Secrets Manager that contains the consumer key and consumer secret.
  - `URL`: The URL of the API's token endpoint.
  - `SCOPE`: The scope of the access token.
  - `TABLE_NAME`: DynamoDB table name.
  - `TOKEN_ID`: DynamoDB token id.
Important note:
If you are working with multiple integrations for the Metadata Bank API, it's advisable to set a unique DynamoDB `TOKEN_ID` environment variable for each environment. This ensures that there is no collision between token IDs, keeping them distinct and separate for each integration.
- Clone the repository or download the SDK.
- Navigate to the project directory and run `npm install` to install the dependencies.
- Set up your environment variables in a `.env` file or through the AWS Lambda environment variables configuration.
- Deploy the SDK as part of your AWS Lambda function.
The IAM role associated with the Lambda function must have the following permissions:
- `dynamodb:GetItem`: To read items from the DynamoDB table.
- `dynamodb:PutItem`: To write items to the DynamoDB table.
- `secretsmanager:GetSecretValue`: To retrieve secrets from Secrets Manager.
- (Optional) Permissions for any other AWS services or resources that the Lambda function interacts with.
You can define these permissions in an IAM policy and attach it to the IAM role used by the Lambda function. Make sure to restrict the resources to only those that the function needs to access.
Example policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DynamoDBAccess",
      "Effect": "Allow",
      "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
      "Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/TableName"
    },
    {
      "Sid": "SecretsManagerAccess",
      "Effect": "Allow",
      "Action": ["secretsmanager:GetSecretValue"],
      "Resource": "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:SecretName-??????"
    }
  ]
}
```

Replace `REGION`, `ACCOUNT_ID`, `TableName`, and `SecretName` with your specific values. Keep the `-??????` after the secret name: Secrets Manager appends a hyphen and six random characters to every secret ARN, so a resource that ends at the bare name does not match the stored secret.
Please make sure to customize the example policy and other details according to your specific requirements and setup.
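One way to check a policy against the guidance above before attaching it to the Lambda role. This is an added example, not part of the SDK: `auditPolicy` is a hypothetical helper, and the over-broad sample policy is constructed for illustration.

```javascript
// Actions the README lists, mapped to the service their resource ARN must belong to.
const NEEDED = new Map([
  ['dynamodb:GetItem', 'dynamodb'],
  ['dynamodb:PutItem', 'dynamodb'],
  ['secretsmanager:GetSecretValue', 'secretsmanager'],
]);
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns findings; an empty array means every Allow stays within the README's scope.
function auditPolicy(policy) {
  const findings = [];
  for (const stmt of asArray(policy.Statement)) {
    const sid = stmt.Sid || '(no Sid)';
    if (stmt.Effect !== 'Allow') continue; // a Deny cannot widen access
    if (stmt.NotAction || stmt.NotResource) {
      findings.push(`${sid}: NotAction/NotResource allows everything not listed`);
      continue;
    }
    for (const action of asArray(stmt.Action)) {
      const service = NEEDED.get(action);
      if (!service) {
        findings.push(`${sid}: ${action} is not an action the SDK needs`);
        continue;
      }
      for (const arn of asArray(stmt.Resource).map(String)) {
        const parts = arn.split(':'); // arn:partition:service:region:account:resource
        if (parts[0] !== 'arn' || parts.length < 6) {
          findings.push(`${sid}: ${action} on "${arn}" is not scoped to an ARN`);
        } else if (parts[2] !== service) {
          findings.push(`${sid}: ${action} cannot apply to a ${parts[2]} resource`);
        } else if (arn.includes('*')) {
          findings.push(`${sid}: ${action} on "${arn}" uses a wildcard`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample: an over-broad policy of the kind the README warns against.
const broadPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'Ddb', Effect: 'Allow', Action: 'dynamodb:*', Resource: '*' },
    { Sid: 'Secrets', Effect: 'Allow', Action: ['secretsmanager:GetSecretValue'],
      Resource: 'arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:*' },
  ],
};
console.log(auditPolicy(broadPolicy));
```

The `?` wildcard used for the Secrets Manager suffix is accepted, since it only covers the six random characters of one secret's ARN.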
You can run the tests locally using Jest:

```
npm test
```
You can use the `getApiTokenEncrypted` function within your AWS Lambda handler to manage access tokens. Here's an example:

```javascript
const { refreshToken } = require('./src/getApiTokenEncrypted'); // Adjust the path as needed

exports.handler = async (event) => {
  const token = await refreshToken();
  // Your code here
};
```
For more comprehensive documentation, please refer to the Documentation folder in this repository.
This project is licensed under the GPL-3.0-or-later license. See the LICENSE file for details.
Please read CONTRIBUTING for details on our code of conduct, and the process for submitting pull requests.
- Patrick Roch