Week 5

 Week 5 at Strastan

This week was all about chasing down bugs, securing credentials, and finally watching our LinkedIn OAuth2 flow behave like it was supposed to. Between graduation prep buzz and lab sessions, I managed to wrestle the last pieces of the integration into place.

 Thoughts

OAuth2 sounds simple until you’re knee-deep in token exchanges, redirect URLs, and CSRF protection. Getting /linkedin/auth to return a clean 302 felt like a small victory especially after hours of decoding CloudWatch logs and patching handler logic. Once the callback started accepting both GET and POST, parsing the authorization code, and saving tokens to DynamoDB, it finally felt like the system was breathing on its own.

Adding the state parameter was a turning point. Encoding the Cognito ID and nonce, storing it with a TTL, and validating it on callback made the whole flow feel airtight. And pulling user profile data from LinkedIn’s /v2/userinfo endpoint? That was the cherry on top.

Challenges

  • Internal server errors on /linkedin/auth were vague and stubborn CloudWatch became my debugging lifeline.
  • Secrets Manager integration required IAM tweaks and refactoring to ditch hardcoded credentials.
  • Validating the OAuth state and linking everything to Cognito identities took precision and patience.
  • Handling both GET and POST responses in the callback Lambda wasn’t as straightforward as expected.

Realizations

  • OAuth2 is less about code and more about trust choreography every step has to be secure and intentional.
  • CloudWatch logs are underrated. They tell you everything if you’re willing to dig.
  • Storing tokens is one thing; linking them to verified identities is what makes the system truly secure.
  • Once you’ve built a clean OAuth flow, everything else profile access, content publishing feels way more achievable.


Comments

Post a Comment

Popular posts from this blog

Week 3

Week 3 at Strastan This week was all about locking down our backend authentication, authorization, and event orchestration took center stage. We worked from the school’s computer lab since our usual rooms were reserved for graduation prep, but that didn’t slow us down. We finalized the Cognito User Pool setup and wired in Lambda functions for sign-up and user retrieval. The authorizer was integrated to guard protected routes, and CDK deployments finally hit zero remaining tasks. From there, we refined the registration flow to encrypt user profiles post-confirmation and validated everything through Postman. Midweek, we shifted focus to IAM roles and EventBridge. Each Lambda was scoped with least-privilege permissions, and we spun up a custom event bus with filtering rules to ensure only trusted events were processed. CORS policies were enforced, and API Gateway endpoints were hardened to reject unauthorized requests. By Friday, we had a fully secured backend: tokens were validated, ...
Read more

Week 7

 Week 7 at Strastan This week was a full-on backend workout no WFH distractions, just focused days in the campus lab filled with debugging, deploying, and finally watching things click into place. Thoughts It’s wild how much goes into making a system feel “secure.” Swapping hardcoded LinkedIn credentials for Secrets Manager wasn’t just a cleanup it was a mindset shift. Suddenly, every token, every permission, every authorizer felt like part of a bigger trust chain. And once we saw the OpenID flow working end-to-end, it felt like unlocking a new level of backend maturity. The Content Calendar orchestration was another eye-opener. Building the LinkedIn Publisher Lambda to consume SQS messages and trigger updates across DynamoDB and EventBridge made me realize how powerful and fragile event-driven systems can be. One misnamed field or missing IAM permission, and the whole flow breaks. But when it works? It’s magic. Challenges Migrating the repo broke more things than expected C...
Read more