AssemblyLift
HomeRepo
v0.3
v0.3
  • Welcome to AssemblyLift
  • Learn AssemblyLift
    • Getting Started
    • Services
      • Functions
      • Authorizers
      • IOmod Dependencies
    • Functions
      • Rust Functions
    • IO Modules
      • Registry
    • User Terraform
    • Providers
    • How to Build
    • How to Deploy
  • Development
    • Design Pillars
  • Resources
    • The Lexicon
    • Tutorial: Build a "todo list" backend with AssemblyLift
Powered by GitBook
On this page

Was this helpful?

  1. Learn AssemblyLift
  2. Services

Authorizers

Defining a Function Authorizer within a Service

PreviousFunctionsNextIOmod Dependencies

Last updated 3 years ago

Was this helpful?

Authorizers are defined in the api.authorizers table within the service manifest.

service.toml
[api.authorizers.iam]
auth_type = "iam"
# IAM authorizers take no parameters

To be of any use, an authorizer must be attached to a function (see authorizer_id in ). The type of authorizer must also be supported by the API provider. At this time the default provider (AWS Lambda/APIGW) supports two types of authorization; IAM or JWT.

Authorizers protect only the publicly defined API of a function (such as an HTTP route); a Lambda function can still be invoked by other means (such as the AWS SDK).

Without an attached authorizer, your functions will be publicly accessible via HTTP if a route is defined. We recommend always using at least an IAM authorizer during development. Tools such as will help you test protected routes.

service.toml
[api.authorizers.cognito]
auth_type = "JWT"
audience = ["client_id"]
issuer = "issuer_url"
scopes = ["claim1", "claim2", ...] # optional

The JWT type is used for authorizers such as Cognito or Auth0, which support JWT/OAuth authorization.

Functions
Postman