JSPM

@aws-cdk/aws-apigatewayv2-authorizers

1.93.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1328
  • Score
    100M100P100Q55853F
  • License Apache-2.0

Authorizers for AWS APIGateway V2

Package Exports

  • @aws-cdk/aws-apigatewayv2-authorizers

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@aws-cdk/aws-apigatewayv2-authorizers) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

AWS APIGatewayv2 Authorizers

cdk-constructs: Experimental

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Table of Contents

HTTP APIs

API Gateway supports multiple mechanisms for controlling and managing access to your HTTP API. They are mainly classified into Lambda Authorizers, JWT authorizers and standard AWS IAM roles and policies. More information is available at Controlling and managing access to an HTTP API.

JWT Authorizers

JWT authorizers allow the use of JSON Web Tokens (JWTs) as part of OpenID Connect and OAuth 2.0 frameworks to allow and restrict clients from accessing HTTP APIs.

When configured on a route, the API Gateway service validates the JWTs submitted by the client, and allows or denies access based on its content.

API gateway uses the identitySource to determine where to look for the token. By default it checks the http Authorization header. However it also supports a number of other options. It then decodes the JWT and validates the signature and claims, against the options defined in the authorizer and route (scopes). For more information check the JWT Authorizer documentation.

const authorizer = new HttpJwtAuthorizer({
  jwtAudience: ['3131231'],
  jwtIssuer: 'https://test.us.auth0.com',
});

const api = new HttpApi(stack, 'HttpApi');

api.addRoutes({
  integration: new HttpProxyIntegration({
    url: 'https://get-books-proxy.myproxy.internal',
  }),
  path: '/books',
  authorizer,
});

User Pool Authorizer

User Pool Authorizer is a type of JWT Authorizer that uses a Cognito user pool and app client to control who can access your Api. After a successful authorization from the app client, the generated access token will be used as the JWT.

Clients accessing an API that uses a user pool authorizer must first sign in to a user pool and obtain an identity or access token. They must then use this token in the Authorization header of the API call. More information is available at using Amazon Cognito user pools as authorizer.

const userPool = new UserPool(stack, 'UserPool');
const userPoolClient = userPool.addClient('UserPoolClient');

const authorizer = new HttpUserPoolAuthorizer({
  userPool,
  userPoolClient,
});

const api = new HttpApi(stack, 'HttpApi');

api.addRoutes({
  integration: new HttpProxyIntegration({
    url: 'https://get-books-proxy.myproxy.internal',
  }),
  path: '/books',
  authorizer,
});