@goodgamestudios/aws-jwt-authorizer

0.0.2 • Public • Published

aws-jwt-authorizer

A flexible JWT Authorizer function for AWS Lambda

aws-jwt-authorizer is heavily based on Mohamed’s Authorizer and Secrets Manager and Chad’s ggs-serverless-jwt.

This implementation adds the following:

  • The Public Key for JWT verification is:
    • loaded from Secrets Manager
    • using a key derived from the Issuer (iss) in the JWT
    • cached in memory for a configurable amount of time
  • Almost all aspects of the Authorizer are configurable
  • It has automated tests

Usage

npm add @goodgamestudios/aws-jwt-authorizer

Then modify your serverless.yml to make use of this. Add the following function with a suitable name:

functions:
  # ...
  jwt-authorizer:
    # Quoted: a plain YAML scalar cannot start with '@'
    handler: '@goodgamestudios/aws-jwt-authorizer'
    name: service_stage_jwt-authorizer

Define the following environment variables:

provider:
  environment:
    # A space or comma separated, case sensitive list of acceptable issuers
    JWT_AUTH_ISSUERS: '<list of acceptable issuers>'
    # 'live' or 'test'
    GAME_STAGE: 'live'

    # Optional
    # Defaults to 'RS256, RS384, RS512'
    JWT_AUTH_ALGORITHMS: 'RS256, RS384, RS512'
    JWT_AUTH_CLOCK_TOLERANCE: 30
    # e.g. '10 min', '20s' etc
    AWS_SECRET_VALUE_TTL: '10 min'

In your existing functions, reference the authorizer:

functions:
  app:
    handler: existing_handler.app
    events:
      - http:
          path: "/path"
          method: get
          # This is the important bit!:
          authorizer:
            name: jwt-authorizer
            resultTtlInSeconds: 60
            identitySource: method.request.header.Authorization
            identityValidationExpression: '^Bearer [-0-9a-zA-Z.+/=_]*$'

Advanced usage

createJwtAuthorizer is fully customizable. All arguments are optional.

const createJwtAuthorizer = require('@goodgamestudios/aws-jwt-authorizer/create')

module.exports = createJwtAuthorizer({
  algorithms: 'RS256', // string or array of strings
  issuer: ['myIssuer', 'myOtherIssuer'], // string or array of strings
  clockTolerance: 60,
  getToken(event) {},
  getPublicKey(event, decodedToken) {},
  shouldAllow(event, verifiedToken) {}
})

  • getToken(event) - get the JWT based on event
  • getPublicKey(event, decodedToken) - get the public key based on event and decodedToken. This key will be used to verify the token’s signature.
  • shouldAllow(event, verifiedToken) - return true if access to the requested resource should be allowed, based on the event and verifiedToken
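
The issuer-derived, cached key lookup from the feature list, written in the shape of a custom getPublicKey. This is an added example, not this package's own code: createKeyResolver, fetchSecret, the secret naming scheme jwt/<stage>/<issuer>, and the assumption that decodedToken exposes iss directly are all hypothetical. The point it shows is that iss comes from a token that has not been verified yet, so it is matched against the issuer allowlist before it selects a secret.

```javascript
// Parse a JWT_AUTH_ISSUERS value: space or comma separated, case sensitive.
function parseIssuers(raw) {
  return new Set(String(raw || '').split(/[\s,]+/).filter(Boolean))
}

// Hypothetical factory. fetchSecret(name) stands in for a Secrets Manager
// read and must return a Promise of the PEM public key.
function createKeyResolver({ issuers, stage, ttlMs, fetchSecret, now = Date.now }) {
  const allowed = parseIssuers(issuers)
  const cache = new Map() // secret name -> { key: Promise, expires: ms }

  return function getPublicKey(event, decodedToken) {
    const iss = decodedToken && decodedToken.iss
    // iss is attacker-controlled until the signature is verified: require an
    // exact allowlist match before it influences which secret is read.
    if (typeof iss !== 'string' || !allowed.has(iss)) {
      return Promise.reject(new Error('issuer not allowed'))
    }
    const name = `jwt/${stage}/${iss}` // assumed naming scheme
    const hit = cache.get(name)
    if (hit && hit.expires > now()) return hit.key

    const key = fetchSecret(name)
    cache.set(name, { key, expires: now() + ttlMs })
    // A failed lookup must not stay cached for the whole TTL.
    key.catch(() => {
      const cur = cache.get(name)
      if (cur && cur.key === key) cache.delete(name)
    })
    return key
  }
}

// Constructed demo: an in-memory stub replaces Secrets Manager.
const demoResolver = createKeyResolver({
  issuers: 'issuerA, issuerB',
  stage: 'test',
  ttlMs: 10 * 60 * 1000,
  fetchSecret: async (name) => `-----BEGIN PUBLIC KEY----- (stub for ${name})`
})
demoResolver({}, { iss: 'issuerA' }).then((pem) => console.log(pem))
demoResolver({}, { iss: 'issuerZ' }).catch((e) => console.log(e.message))
```

Keep the algorithm list restricted to the asymmetric RS* family when resolving keys this way, so a fetched public key can never be used as an HMAC secret.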


License

ISC
