Skip to main content

A python helper library for AWS API Gateway Custom Authorizers

Project description

https://img.shields.io/pypi/status/aws-lambda-pyauthlib.svg https://travis-ci.org/oharaandrew314/aws-lambda-pyauthlib.svg?branch=master https://img.shields.io/pypi/v/aws-lambda-pyauthlib.svg https://img.shields.io/pypi/l/aws-lambda-pyauthlib.svg https://img.shields.io/pypi/pyversions/aws-lambda-pyauthlib.svg codecov.io

A python helper library for AWS API Gateway Custom Authorizers.

Installation

pip install aws-lambda-pyauthlib

or

pipenv install aws-lambda-pyauthlib

Quickstart

'''authorizer_handler.py'''
from pyauthlib import UserInfo, AuthPolicy, HttpMethod, parse_event, raise_401
from my_auth_client import get_client

def lambda_handler(event, _context):
    '''Exchanges access token for user_info and returns the policy.
        Unauthorized users are denied all access.
        Users are allowed read access to all resources.
        Admins are allowed full access to all resources.
    '''
    event = parse_event(event)

    identity = get_client().get_identity(event.access_token)
    user_info = UserInfo(identity['user_id'], identity['grants'])
    policy = AuthPolicy(user_info)

    if not user_info:
        raise_401()
    elif 'ROLE_ADMIN' in user_info.authorities:
        policy.allow(event.arn(method=HttpMethod.ALL, resource='*'))
    else:
        policy.allow(event.arn(method=HttpMethod.GET, resource='*'))

    return policy.build()

More Information

You can also return an arbitrary authorizer context, by passing kwargs into the UserInfo. A list of authorities is always required, but nothing is stopping you from using an empty list.

Go check out the examples!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws-lambda-pyauthlib-0.2.2.tar.gz (4.6 kB view details)

Uploaded Source

File details

Details for the file aws-lambda-pyauthlib-0.2.2.tar.gz.

File metadata

File hashes

Hashes for aws-lambda-pyauthlib-0.2.2.tar.gz
Algorithm Hash digest
SHA256 5787b323e519480408fd88a357b85b919ff63542ad93d37d94320a96f5caa554
MD5 7f7cd73cee3ec443dce3c949887f77e3
BLAKE2b-256 3ef7dc4d3a71d79e356da715df0e0b87bbb4e1127d6d8f5de44d2116fb23c749

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page