Custom JSON-Web-Token AWS Lambda Authorizer function for Amazon API Gateway with Bearer JWT
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.editorconfig initial commit Nov 15, 2016
.gitignore use serverless framework in favour of cfn template May 6, 2017
LICENSE
README.md
index.js
package.json
serverless.yml use serverless framework in favour of cfn template May 6, 2017
test.json
yarn.lock use serverless framework in favour of cfn template May 6, 2017

README.md

jwtAuthorizer - Custom JWT AWS Lambda Authorizer for Amazon API Gateway

A Custom Authorizer AWS Lambda function for Amazon API Gateway which takes a JSON Web Token (JWT) in Bearer format from Authorization HTTP header.

Read more about Custom Authorizers at AWS Docs.

The JWT is verified against a secret (in case of HSA encryption) and some other claims (should be at least audience and issuer).

The jwtAuthorizr lambda function makes use of the aweseome jsonwebtoken package at NPM.

Secret and claims can be different for every used stage environment. In this example, jwtAuthorizr lambda function reads them from environment variables which should be baked into the function deployment for each stage. But Lambda could also load them from e.g. S3 or DynamoDB or something completely different.

The token in the test event in test.json uses these secrets and claims:

  • iss: dasniko
  • aud: demo
  • secret: secret