@cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt
CDK Lambda TokenAuthorizer JWT
Add a Lambda function to your project which can be used as an API Gateway token authorizer
Install
TypeScript
npm install @cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt
yarn add @cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt
Python
pip install cloudy-with-a-chance-of-meatballs.cdk-lambda-token-authorizer-jwt
Usage
- JWT Token handling: Token verification is done via https://github.com/auth0/node-jsonwebtoken; the JWKS fetcher uses https://github.com/auth0/node-jwks-rsa. By default the implementation verifies the token and, if given, the expiration.
- JWT Payload: Any verification of the token payload must be done by injecting a JSON schema for validation, using https://ajv.js.org/json-type-definition.html.
- Protocols: main/API.md#iauthorizeroptions
- Example usage with Rest Apigateway
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as apigateway from 'aws-cdk-lib/aws-apigateway';
import { TokenAuthorizerJwtFunction } from '@cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt';

export class HelloworldStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    const api = new apigateway.RestApi(this, 'ApiName', {});
    // Authorizer Lambda; the props are elided here
    const tokenAuthFunction = new TokenAuthorizerJwtFunction(this, 'fnName', { /* ... */ });
    const tokenAuthorizer = new apigateway.TokenAuthorizer(this, 'fnNameApiGwAuthorizer', {
      handler: tokenAuthFunction // use the TokenAuthorizerJwtFunction
    });
    // someresource and some_target_integration are placeholders for your own resource and integration
    const someMethod = api.someresource.addMethod("GET", some_target_integration, {
      authorizer: tokenAuthorizer
    });
  }
}
- Validation
const myValidation = { properties: { iss: { enum: ['my_trusted_iss'] } } };
new TokenAuthorizerJwtFunction(stack, 'example-stack', {
  authorizerOptions: {
    tokenPayloadJsonSchema: JSON.stringify(myValidation)
  }
});
- Using JWKS
new TokenAuthorizerJwtFunction(stack, 'example-stack', {
  authorizerOptions: {
    jwks: {
      uri: 'https://example.auth0.com/.well-known/jwks.json',
      kid: 'REEyM0FBMDhFQkQ5QjY4Q0YzRjVGNzQ5OTU3RjUzN0FEREFFNzJGMg'
    }
  }
});
- Using asymmetric algorithms, e.g. public key
const myPublicKeyOneliner = '-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKuTfz7kpJHPrmcmgx4Xf4GMoM2kK4mh\nMpSOW3qu1zZA1wfMHV8PS0Kds0nXMB6mmHk/Ke1\Et68aEspQRIn1aLcCAwEAAQ==\n-----END PUBLIC KEY-----';
new TokenAuthorizerJwtFunction(stack, 'example-stack', {
  authorizerOptions: {
    secret: myPublicKeyOneliner
  }
});
- Using symmetric algorithms, same key for sign and verify ⚠️
Attention: the key might be exposed during deploy, in the runtime etc.
const mySymmetricSecret = 'sharedSecret';
new TokenAuthorizerJwtFunction(stack, 'example-stack', {
  authorizerOptions: {
    secret: mySymmetricSecret
  }
});
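The payload check described under "JWT Payload" and "Validation", as an added example that is not the construct's or ajv's code: a minimal TypeScript subset of JSON Type Definition (RFC 8927) showing that a `properties` schema is closed by default, so the `iss`-only schema rejects a payload that also carries `sub` and `exp` unless `additionalProperties: true` is set. `validateClaims`, `issOpen` and the sample payloads are constructed for illustration.

```typescript
// Added example: a small subset of JSON Type Definition (RFC 8927) semantics.
// It is not ajv and not the construct's handler code.
type Jtd = {
  type?: 'string' | 'uint32';
  enum?: string[];
  properties?: { [k: string]: Jtd };
  optionalProperties?: { [k: string]: Jtd };
  additionalProperties?: boolean;
};
const has = (o: object, k: string): boolean => Object.prototype.hasOwnProperty.call(o, k);

// Returns the failing paths; an empty array means the payload is accepted.
function validateClaims(schema: Jtd, value: unknown, path: string = ''): string[] {
  const here = [path || '/'];
  if (schema.enum) return typeof value === 'string' && schema.enum.indexOf(value) >= 0 ? [] : here;
  if (schema.type === 'string') return typeof value === 'string' ? [] : here;
  if (schema.type === 'uint32') {
    const ok = typeof value === 'number' && Math.floor(value) === value && value >= 0 && value <= 0xffffffff;
    return ok ? [] : here;
  }
  if (!schema.properties && !schema.optionalProperties) return []; // empty schema accepts anything
  if (typeof value !== 'object' || value === null || Array.isArray(value)) return here;
  const obj = value as { [k: string]: unknown };
  const required = schema.properties || {};
  const optional = schema.optionalProperties || {};
  const errors: string[] = [];
  for (const key of Object.keys(required)) {
    if (!has(obj, key)) errors.push(path + '/' + key + ' (missing)');
    else errors.push(...validateClaims(required[key], obj[key], path + '/' + key));
  }
  for (const key of Object.keys(optional)) {
    if (has(obj, key)) errors.push(...validateClaims(optional[key], obj[key], path + '/' + key));
  }
  // JTD objects are closed by default: undeclared members fail unless additionalProperties is true.
  if (schema.additionalProperties !== true) {
    for (const key of Object.keys(obj)) {
      if (!has(required, key) && !has(optional, key)) errors.push(path + '/' + key + ' (undeclared)');
    }
  }
  return errors;
}

// Constructed payloads; issOnly is the schema from the Validation snippet.
const issOnly: Jtd = { properties: { iss: { enum: ['my_trusted_iss'] } } };
const issOpen: Jtd = { properties: issOnly.properties, additionalProperties: true };
const goodToken = { iss: 'my_trusted_iss', sub: 'user-1', exp: 1900000000 };
const badIssuer = { iss: 'someone_else', sub: 'user-1', exp: 1900000000 };
const strictResult = validateClaims(issOnly, goodToken); // ['/sub (undeclared)', '/exp (undeclared)']
```

How the construct's handler feeds the payload to ajv is not shown on this page, so confirm against a real token whether your schema needs `additionalProperties: true` or explicit `optionalProperties` entries.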
🍻
Hashes for cloudy-with-a-chance-of-meatballs.cdk-lambda-token-authorizer-jwt-0.0.29.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 767cfed2fa3a0e46a52d4cccf1d5668241a5a52cda6cdb40761f624f56f220df |
MD5 | 16b298b2bac8a525014a43c987a83b30 |
BLAKE2b-256 | fa897a91bc3c7b38dd3641dc4351eed112a4122ea7b9bbdc2ca03f7143352545 |
Hashes for cloudy_with_a_chance_of_meatballs.cdk_lambda_token_authorizer_jwt-0.0.29-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 52e01914ce41b3158c46314187a85485eeff86bcf255f7cc4d5f7158b4dfd886 |
MD5 | b2968f5758f7c17cef982e4c3a269cb8 |
BLAKE2b-256 | 0c3dfa85075fd85af75e83f7b74f83a3b51360280f78157db9e16207decc4e93 |