hands-on lab

Implementing Authentication in a Microservice Using the Serverless Framework

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


Most of the time you design and build a microservice, you want part of it to be privately accessible. It means that only authenticated/authorized users can access that part. To do so, you want to implement an authenticated/authorized system to check all the accesses. There are different systems that can be integrated, but the process to check the calls that are made to private parts is the following one: you first get something that authenticates/authorizes you (for example a JWT token), and you then send it for every call you perform to let the system check.

In this lab, you will use the Serverless Framework to build a microservice composed of three functions: one for getting an authentication token, another one that will be private, and a final one that will be used as middleware for authenticating the requests made. To do so, you will create the authentication function as a custom authorizer. It means that every call made to a private function will be first passed to the authentication function through API Gateway. It will check for the presence of an authentication part, and if it's valid it will return an IAM policy to let the request be sent to the target function.

Learning Objectives

Upon completion of this lab you will be able to:

  • Build a serverless microservice with private parts
  • Define a custom authorizer function that will authenticate all the requests made to private parts

Intended Audience

This lab is intended for:

  • Software engineers that want to build a microservice that requires authentication/authorization
  • Developers that want to understand how to leverage the Serverless Framework to build an authenticated microservice


To get the most from this lab, you should have basic knowledge of the Serverless Framework. To get ready, you can use the following labs:

Environment before

Environment after

About the author

Learning paths

Stefano studies Computer Science and is passionate about technology. He loves working with Cloud services and learning all the best practices for them. Google Cloud Platform and Amazon Web Services are the cloud providers he prefers. He is a Google Cloud Certified Associate Cloud Engineer. Node.js is the programming language he always uses to code. When he's not involved in studying or working, Stefano loves riding his motorbike and exploring new places.

Covered topics

Lab steps

Initializing a Project Using the Serverless Framework
Building and Deploying an Authenticated Microservice
Testing the Authenticated Microservice