Ability to define apiKeySource for ApiGateway with custom authorizer #5051

Closed
sandor11 opened this issue Jun 14, 2018 · 0 comments

This is a Feature Proposal

Description

I would like to be able to provide the ability to have my custom authorizer be the source of the API key, as per the AWS docs.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
https://docs.aws.amazon.com/apigateway/api-reference/resource/rest-api/#apiKeySource

Even though there is no reference to this setting in the serverless docs, I have tried setting the value in the global provider settings:

provider:
    apiGateway:
        apiKeySource: AUTHORIZER

However, the CloudFormation template does not produce any result with this, which was kind of expected.

"ApiGatewayRestApi": {
    "Type": "AWS::ApiGateway::RestApi",
    "Properties": {
        "Name": "test-api-gateway-dev",
        "EndpointConfiguration": {
            "Types": [
                "REGIONAL"
            ]
        }
    }
}

This should be technically possible. I am wondering if there is any support for this, or if serverless enforces the use of the HEADER value, which then requires the key to be provided in the x-api-key header.

  • The use case
    I have the need to expose an API Gateway endpoint to a third party. I want the endpoint to remain private, but I do not want to give them the AWS API Gateway Key. Instead, I want to be able to use a custom authoriser, which will be the source of the key.

This will allow me to keep the benefits of a usage plan, without exposing the details of the key.

  • If there is additional config how would it look
    In terms of config, what I specified above could be an option. Alternatively, it could be done the same way as the endpointType directly under the provider.

The resulting CloudFormation may be trivial: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-apikeysourcetype

"ApiGatewayRestApi": {
    "Type": "AWS::ApiGateway::RestApi",
    "Properties": {
        "Name": "test-api-gateway-dev",
        "EndpointConfiguration": {
            "Types": [
                "REGIONAL"
            ]
        },
        "ApiKeySourceType": "AUTHORIZER"
    }
}

I have not been able to find a reference to this in the serverless docs, forums or the codebase. I would also be happy to work on this if this is something you would like to include.

Additional Data

  • Serverless Framework Version: 1.27.3
  • Operating System: macOS 10.13.4
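
For reference, the authorizer side of the setup requested above, as an added example that is not part of the original issue or of the Serverless Framework: a TOKEN Lambda authorizer that returns the API key in `usageIdentifierKey`, the output field described in the linked AWS authorizer-output documentation. The `PARTNERS` map, token, key value, and function names are constructed for illustration.

```javascript
// Added example, not Serverless Framework code. PARTNERS is constructed sample
// data; a real deployment would load it from a secret store, not source code.
const PARTNERS = new Map([
  // partner bearer token -> principal and the API key value attached to a usage plan
  ['partner-token-EXAMPLE', {
    principalId: 'third-party-a',
    apiKeyValue: 'EXAMPLE-API-KEY-VALUE-0000000000',
  }],
]);

// IAM policy document scoped to the single method being invoked.
function policy(effect, resource) {
  return {
    Version: '2012-10-17',
    Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
  };
}

// Builds the authorizer output for a TOKEN authorizer event
// (event.authorizationToken and event.methodArn are set by API Gateway).
function buildAuthResponse(event, partners = PARTNERS) {
  const header = event.authorizationToken || '';
  const token = header.replace(/^Bearer\s+/i, '');
  const partner = partners.get(token);
  if (!partner) {
    // Unknown caller: explicit Deny, and no key is attached to the response.
    return { principalId: 'anonymous', policyDocument: policy('Deny', event.methodArn) };
  }
  return {
    principalId: partner.principalId,
    policyDocument: policy('Allow', event.methodArn),
    // With ApiKeySourceType AUTHORIZER, API Gateway takes the key from this
    // field instead of the x-api-key header, so the caller never holds it.
    usageIdentifierKey: partner.apiKeyValue,
  };
}

// Lambda entry point.
async function handler(event) {
  return buildAuthResponse(event);
}

if (typeof module !== 'undefined') module.exports = { handler, buildAuthResponse };
```

Usage-plan throttling and quotas then apply per partner through the key the authorizer selects, while the third party only ever presents its own token.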