somod-http-authorization-extension

1.0.0 • Public • Published

This extension provides a middleware specification to implement the authorization strategy for serverless functions of type HttpApi.

The exact authorization strategy has to be implemented by extending the authorization middleware in this module.

Read more about Serverless Middlewares in somod documentation.

Middleware Context

Access the authorized user from SomodMiddlewareContext using the key somod-http-authorized-user.

Type of somod-http-authorized-user

type SomodHttpAuthorizedUser = {
  id: string;
  attributes: {
    // inspired by the OpenID Connect specification
    // https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
    sub?: string;
    name?: string;
    given_name?: string;
    family_name?: string;
    middle_name?: string;
    nickname?: string;
    preferred_username?: string;
    profile?: string;
    picture?: string;
    website?: string;
    email?: string;
    email_verified?: boolean;
    gender?: string;
    birthdate?: string;
    zoneinfo?: string;
    locale?: string;
    phone_number?: string;
    phone_number_verified?: boolean;
    address?: string;
    updated_at?: string;
  } & Record<string, unknown>; // the authorization implementation can add more attributes
};

Implementing Authorization

Extend the AuthorizationMiddleware resource in this module to provide the actual implementation of authorization.

Read the Serverless Template.yaml documentation to understand how to extend a resource from another SOMOD module.

Properties of Authorization Implementation

Take care of the following properties when implementing the authorization middleware.

  • The implementation must decide how to authorize the incoming request.
  • The implementation should take care of the performance and scaling of the authorization strategy it uses.
  • The implementation must produce the somod-http-authorized-user in SomodMiddlewareContext.
  • The implementation must return a valid HTTP response code on authorization failure.
    • 401 - when the request has no credential or an invalid credential.
    • 403 - when the credential is valid but not permitted to perform the action in the request.
    • 500 - any other unknown failure.
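
The sketch below is an added example, not code from this package or from SOMOD: it shows one way to map the three failure cases above to status codes while failing closed and setting somod-http-authorized-user only after both checks pass. Only the context key and the id/attributes user shape come from this page; the HttpRequest, HttpResponse and Strategy types, the plain-object middleware context, the Bearer header format and the sample tokens are assumptions made for illustration.

```typescript
// Added example. Only the context key and the id/attributes user shape come
// from the page; every other type and name here is a hypothetical stand-in.
const USER_KEY = "somod-http-authorized-user";
type AuthorizedUser = { id: string; attributes: Record<string, unknown> };
type HttpRequest = { method: string; path: string; headers: Record<string, string | undefined> };
type HttpResponse = { statusCode: 401 | 403 | 500; body: string };

// The pluggable strategy: how credentials are checked is up to the implementer.
type Strategy = {
  authenticate(credential: string): AuthorizedUser | undefined; // undefined = invalid
  isPermitted(user: AuthorizedUser, request: HttpRequest): boolean;
};

// Returns undefined when the request may proceed (the user is then in the
// context), otherwise the failure response to send instead of calling the handler.
function authorize(
  request: HttpRequest,
  middlewareContext: Record<string, unknown>,
  strategy: Strategy
): HttpResponse | undefined {
  try {
    // Assumes lower-cased header names and a Bearer credential.
    const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(request.headers["authorization"] ?? "");
    const user = match ? strategy.authenticate(match[1]) : undefined;
    if (!user) return { statusCode: 401, body: "Unauthorized" }; // missing or invalid
    if (!strategy.isPermitted(user, request)) return { statusCode: 403, body: "Forbidden" };
    middlewareContext[USER_KEY] = user; // set only after both checks pass
    return undefined;
  } catch {
    // Fail closed: an unexpected error never falls through to the handler,
    // and its details stay out of the response body.
    return { statusCode: 500, body: "Internal Server Error" };
  }
}

// Constructed sample strategy: an in-memory token table and one rule
// (anyone may GET, only user u1 may use other methods).
const sampleTokens: Record<string, AuthorizedUser> = {
  "token-alice": { id: "u1", attributes: { sub: "u1", email: "alice@example.com" } },
  "token-bob": { id: "u2", attributes: { sub: "u2" } },
};
const sampleStrategy: Strategy = {
  // Own-property check so a credential such as "constructor" cannot match
  // an inherited object property.
  authenticate: (credential) =>
    Object.prototype.hasOwnProperty.call(sampleTokens, credential) ? sampleTokens[credential] : undefined,
  isPermitted: (user, request) => request.method === "GET" || user.id === "u1",
};
```
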

Issues

The project issues, features, and milestones are maintained in this GitHub repo.

Create issues or feature requests at https://github.com/somod-dev/somod-http-authorization-extension/issues

Contributions

Please read our CONTRIBUTING guide before contributing to this project.

Install

npm i somod-http-authorization-extension

Weekly Downloads

1

Version

1.0.0

License

MIT

Unpacked Size

7.75 kB

Total Files

11

Collaborators

  • sodaru-it