Authorizers for AWS APIGateway V2
Project description
AWS APIGatewayv2 Authorizers
---The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
Table of Contents
HTTP APIs
API Gateway supports multiple mechanisms for controlling and managing access to your HTTP API. They are mainly classified into Lambda Authorizers, JWT authorizers and standard AWS IAM roles and policies. More information is available at Controlling and managing access to an HTTP API.
JWT Authorizers
JWT authorizers allow the use of JSON Web Tokens (JWTs) as part of OpenID Connect and OAuth 2.0 frameworks to allow and restrict clients from accessing HTTP APIs.
When configured on a route, the API Gateway service validates the JWTs submitted by the client, and allows or denies access based on its content.
API gateway uses the identitySource
to determine where to look for the token. By default it checks the http Authorization
header. However it also supports a number of other options. It then decodes the JWT and validates the signature and claims, against the options defined in the authorizer and route (scopes). For more information check the JWT Authorizer documentation.
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
authorizer = HttpJwtAuthorizer(
jwt_audience=["3131231"],
jwt_issuer="https://test.us.auth0.com"
)
api = HttpApi(stack, "HttpApi")
api.add_routes(
integration=HttpProxyIntegration(
url="https://get-books-proxy.myproxy.internal"
),
path="/books",
authorizer=authorizer
)
User Pool Authorizer
User Pool Authorizer is a type of JWT Authorizer that uses a Cognito user pool and app client to control who can access your Api. After a successful authorization from the app client, the generated access token will be used as the JWT.
Clients accessing an API that uses a user pool authorizer must first sign in to a user pool and obtain an identity or access token.
They must then use this token in the Authorization
header of the API call. More information is available at using Amazon Cognito user
pools as authorizer.
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
user_pool = UserPool(stack, "UserPool")
user_pool_client = user_pool.add_client("UserPoolClient")
authorizer = HttpUserPoolAuthorizer(
user_pool=user_pool,
user_pool_client=user_pool_client
)
api = HttpApi(stack, "HttpApi")
api.add_routes(
integration=HttpProxyIntegration(
url="https://get-books-proxy.myproxy.internal"
),
path="/books",
authorizer=authorizer
)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aws-cdk.aws-apigatewayv2-authorizers-1.94.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 104b764fb805df59f2a2383693f435029fa567b241b493eb11faccf63c59f797 |
|
MD5 | 335b222683a23caf7afb07881b65f9f5 |
|
BLAKE2b-256 | 880020e46351ff569f129decf8351338134a88b7852a202b55a9376ed01ab2c9 |
Hashes for aws_cdk.aws_apigatewayv2_authorizers-1.94.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 53392b4b27979fb908b031ca99845875ada7df1df12e39202605d1a390f69fe3 |
|
MD5 | 8463385b88233844088937dd90349bd7 |
|
BLAKE2b-256 | 6ec042ac121a7fa989d8bda69cffee6bb9183404488e15fde9a95817ccb2bbe5 |