AWS – Express.js developers can now add authorization in minutes with Amazon Verified Permissions
Today, AWS announces the release of @verifiedpermissions/authorization-clients-js, an open source package that enables developers to implement authorization in their Express.js web application APIs in minutes. This simplifies development and improves application security by significantly reducing the custom authorization code compared to traditional approaches where authorization logic was embedded into the application.
With this package, developers of Express.js applications can move authorization logic to Cedar policies which are managed outside code. For example, a pet store application can restrict API access based on user roles, allowing administrators full access while limiting customers to view-only operations, all without embedding complex authorization logic in application code. As your application evolves, you can easily extend these permissions, such as allowing employees to create and update pets but not delete them, by simply adding a new policy without modifying a single line of application code.
Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. The integration follows a straightforward workflow: developers generate a Cedar schema for their Express.js application, create authorization policies defining access rules, and add a middleware component to their Express application. When users make API requests, the middleware automatically validates authorization with Verified Permissions before processing continues.
The @verifiedpermissions/authorization-clients-js package is available on GitHub under the Apache 2.0 license and distributed through NPM. This integration is available in all AWS Regions where Amazon Verified Permissions is supported with no additional charges beyond standard Verified Permissions pricing. To get started, follow the ExpressJS blog or visit the Verified Permissions github repo.
Read More for the details.
