title | category | order |
---|---|---|
Authorization Types | authorizers | 5 |
By default, calling API Gateway does not require authorization. You can add authorization to your API with [API Gateway authorizers]({% link _docs/routing/authorizers.md %}) and authorization types. There are several authorization types available:
- NONE - open access
- AWS_IAM - use AWS IAM permissions
- CUSTOM - custom authorizer
- COGNITO_USER_POOLS - Cognito User Pool
The complete list of authorization types is available in the AWS API Gateway docs.
You can enable authorization application-wide with `config/application.rb`:

```ruby
Jets.application.configure do
  config.api.authorization_type = :aws_iam
end
```

This will require a caller to authenticate using IAM before being able to access the endpoint.
You can enable controller-wide authorization also. Example:

```ruby
class PostsController < ApplicationController
  authorization_type :aws_iam
end
```

All PostsController actions will be using `AWS_IAM` authorization.
You can also enable authorization on a per-route basis with the `authorization_type` option:

```ruby
Jets.application.routes.draw do
  get "posts", to: "posts#index", authorization_type: :aws_iam
end
```

When using [Jets Authorizers]({% link _docs/routing/authorizers.md %}), Jets will infer the right `authorization_type` for `CUSTOM` and `COGNITO_USER_POOLS` types. So it is recommended to only set `authorization_type` when you're using other types like `AWS_IAM`.
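
For the caller of an `AWS_IAM` route, "authenticate using IAM" means sending a request signed with AWS Signature Version 4 for the `execute-api` service. The following is an added example, not part of the Jets docs or code base: a standard-library signer for a bodiless GET. The module name `SigV4`, its method names, and any credentials or hosts passed to it are assumptions for illustration.

```ruby
require "openssl"
require "digest"
require "uri"

# Added example: minimal SigV4 signer for a GET with no body.
# Assumes long-term credentials and a path made of unreserved characters and "/".
module SigV4
  ALGO = "AWS4-HMAC-SHA256"
  SIGNED = "host;x-amz-date"

  def self.hmac(key, data)
    OpenSSL::HMAC.digest("sha256", key, data)
  end

  # Percent-encode everything except the RFC 3986 unreserved characters.
  def self.esc(s)
    s.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
  end

  # Key derivation chain: secret -> date -> region -> service -> "aws4_request".
  def self.signing_key(secret, date, region, service)
    [date, region, service, "aws4_request"].reduce("AWS4" + secret) { |k, v| hmac(k, v) }
  end

  # Returns the headers a client must send to pass AWS_IAM authorization.
  def self.sign_get(url, access_key:, secret:, region:, time:, service: "execute-api")
    uri = URI(url)
    amz_date = time.utc.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[0, 8]
    path = uri.path.empty? ? "/" : uri.path
    query = URI.decode_www_form(uri.query.to_s)
               .map { |k, v| [esc(k), esc(v)] }.sort.map { |p| p.join("=") }.join("&")
    canonical = [
      "GET", path, query,
      "host:#{uri.host}\nx-amz-date:#{amz_date}\n",
      SIGNED, Digest::SHA256.hexdigest("")   # hash of the empty request body
    ].join("\n")
    scope = "#{date}/#{region}/#{service}/aws4_request"
    to_sign = [ALGO, amz_date, scope, Digest::SHA256.hexdigest(canonical)].join("\n")
    sig = OpenSSL::HMAC.hexdigest("sha256", signing_key(secret, date, region, service), to_sign)
    { "host" => uri.host, "x-amz-date" => amz_date,
      "authorization" => "#{ALGO} Credential=#{access_key}/#{scope}, " \
                         "SignedHeaders=#{SIGNED}, Signature=#{sig}" }
  end
end
```

Temporary credentials additionally need an `x-amz-security-token` header, and a request with a body must hash that body instead of the empty string.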