Develop secure serverless web applications


This content is no longer being updated or maintained and is presented as “as is”. Given the rapid evolution of technology, some materials, stages or illustrations may have changed.


IBM Cloud Functions, based on Apache OpenWhisk, is a Function-as-a-Service (FaaS) platform that performs functions in response to events received and is free of charge if not in use. It is activated when the code is executed and disabled when it is no longer needed. In this developer code standard, we demonstrate how to use IBM Cloud Functions with OAuth 2.0 to enable authentication and authorization in a web application.


Web applications need authentication and authorization. This seems redundant, but for several years, there has been no reusable solution. OAuth has definitely taken a big step forward by introducing third party authentication and authorization. Still, both actions consume a lot of packaging and hosting deployment resources, taking into account that users log in only once every so long, in relatively long spaces.

In this code pattern, we have a web application written in Angular. We are going to configure the Google OAuth API so that users can log in to their Google accounts through OAuth. Of course, in the web application, the code already exists to invoke IBM Cloud Functions. We still need to define the actions through the IBM CLI. After connecting everything, we will be able to see how the login process invokes the IBM Cloud Functions action in order to trigger the OAuth request to the Google API and return the token to the Angular web application. Note that the web application does not need to be hosted in a specific environment; it just needs to reach APIs that don’t have a server.


Please enter your comment!
Please enter your name here