2021-02-24

aws-cdk TokenAuthorizer - how to pass the payload from the authorizer to the lambda for the protected endpoint?

In my cdk stack I have an api endpoint that calls a lambda and that is protected by a TokenAuthorizer using a JWT, that looks like:

// inside my cdk Construct (CDK v1 module import added; v2 uses aws-cdk-lib/aws-apigateway)
import * as apiGateway from "@aws-cdk/aws-apigateway";

const auth = new apiGateway.TokenAuthorizer(this, "Authorizer", {
    handler: authorizeUserLambda   // the Lambda whose handler is shown below
});

const api = new apiGateway.RestApi(this, "ApiGateway-lambda-authorizer", {
    description: "my api"
});

const users = api.root.addResource("users");
const getUser = users.addResource("{userId}");
const getUserIntegration = new apiGateway.LambdaIntegration(getUserLambda);  // Lambda proxy integration by default
getUser.addMethod("GET", getUserIntegration, {authorizer: auth});

And the handler for authorizeUserLambda itself:

// types removed
import { verify } from "jsonwebtoken";

// Shared HMAC secret the JWTs were signed with (read from the function's environment)
const secret = process.env.JWT_SECRET;

function generatePolicy(principalId, effect, resource) {
    // Everything placed in `context` is forwarded to the integration behind the method;
    // values must be strings, numbers or booleans, not nested objects or arrays.
    const authResponse = {
        principalId,
        context: {
            stringKey: "stringval",
            numberKey: 123,
            booleanKey: true
        }
    };

    if (effect && resource) {
        return {
            ...authResponse,
            policyDocument: {
                Version: "2012-10-17",
                Statement: [
                    {
                        Action: "execute-api:Invoke",
                        Effect: effect,
                        Resource: resource
                    }
                ]
            }
        };
    }

    return authResponse;
}


export const handler = async function authorizeUser(event) {
    // authorizationToken carries "Bearer <jwt>"; keep only the token part
    const jwt = event.authorizationToken?.split(" ")[1];

    try {
        // verify() returns the decoded payload on success and throws on a bad or expired token
        if (verify(jwt, secret)) {
            return generatePolicy("user", "Allow", event.methodArn);
        }

        return generatePolicy("user", "Deny", event.methodArn);
    } catch {
        // An error whose message is exactly "Unauthorized" makes API Gateway answer 401;
        // returning a bare string is not a valid authorizer response and produces a 500 instead
        throw new Error("Unauthorized");
    }
};

This code does successfully decode the JWT and authenticate a user, but how would I pass the payload of the JWT (or anything at all from authorizer function) to the getUserLambda function? Do I need to create a reference to the function's output inside the Construct? The JWT payload has a userId and role inside that I want access to for lambdas like getUser.



from Recent Questions - Stack Overflow https://ift.tt/3qPIAYf