aws-jwt-authorizer

A flexible JWT Authorizer function for AWS Lambda.

aws-jwt-authorizer is heavily based on Mohamed's Authorizer and Secrets Manager and Chad's ggs-serverless-jwt.
This implementation adds the following:
- The public key for JWT verification is:
  - loaded from Secrets Manager
  - using a key derived from the issuer (iss) in the JWT
  - cached in memory for a configurable amount of time
- Almost all aspects of the authorizer are configurable
- Automated tests
Usage

```sh
npm add @goodgamestudios/aws-jwt-authorizer
```

Then modify your serverless.yml to make use of this. Add the following function with a suitable name (the handler value is quoted because a plain YAML scalar may not start with `@`):

```yaml
functions:
  # ... your existing functions ...
  jwt-authorizer:
    handler: '@goodgamestudios/aws-jwt-authorizer'
    name: service_stage_jwt-authorizer
```
Define the following environment variables:

```yaml
provider:
  environment:
    JWT_AUTH_ISSUERS: ...        # A space or comma separated, case sensitive list of acceptable issuers
    GAME_STAGE: ...              # 'live' or 'test'
    # Optional
    JWT_AUTH_ALGORITHMS: ...     # Defaults to 'RS256, RS384, RS512'
    JWT_AUTH_CLOCK_TOLERANCE: 30
    AWS_SECRET_VALUE_TTL: ...    # e.g. '10 min', '20s' etc.
```
In your existing functions, do:

```yaml
functions:
  app:
    handler: existing_handler.app
    events:
      - http:
          path: "/path"
          method: get
          # This is the important bit!
          authorizer:
            name: jwt-authorizer
            resultTtlInSeconds: 60
            identitySource: method.request.header.Authorization
            identityValidationExpression: '^Bearer [-0-9a-zA-Z.+/=_]*'
```