Skip to content

pauloavelar/lambda-jwt-authorizer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

.vscode

.vscode

 
 

cert

cert

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

index.js

index.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

sign.js

sign.js

 
 

tamper.js

tamper.js

 
 

test.js

test.js

 
 

Repository files navigation

API Gateway Custom JWT Authorizer using Lambda function

This is a working example of a Lambda function (index.handler) that validates a JWT token by checking its integrity against a public key and its expiration (this example checks iat + duration instead of exp for personal reasons).

How to get it running

  1. Clone this repo (duh!).

  2. Run npm install to get the dependencies: moment and jsonwebtoken.

  3. Create a RSA key pair for your tests -- more instructions here.

  4. Run sign.js to create a valid signed token using your private key and store it in a file (token.jwt).

  5. Run test.js to test the token against your public key.

  6. Alternatively, run tamper.js to create a valid signed token with another private key so you can see it fail.

How to check the results

API Gateway Custom Authorizers return an AWS policy document to be interpreted by the API call. In order to check if the authorizer would let a call proceed, you must check the response object: policyDocument.Statement.Effect, which can be either Allow or Deny.

About

Custom JWT authorizer example for AWS API Gateway

Topics

nodejs aws jwt aws-lambda api-gateway rsa jwt-token jwt-authentication jwt-auth rsa-key-pair

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages