Authorizers
Defining a Function Authorizer within a Service
Authorizers are defined in the api.authorizers table within the service manifest.
service.toml
[api.authorizers.iam]
auth_type = "iam"
# IAM authorizers take no parameters
To be of any use, an authorizer must be attached to a function (see authorizer_id in Functions). The type of authorizer must also be supported by the API provider. At this time the default provider (AWS Lambda/APIGW) supports two types of authorization: IAM and JWT.
Authorizers protect only the publicly defined API of a function (such as an HTTP route); a Lambda function can still be invoked by other means (such as the AWS SDK).
Without an attached authorizer, your functions will be publicly accessible via HTTP if a route is defined. We recommend always using at least an IAM authorizer during development. Tools such as Postman will help you test protected routes.
service.toml
[api.authorizers.cognito]
auth_type = "JWT"
audience = ["client_id"]
issuer = "issuer_url"
scopes = ["claim1", "claim2"] # optional; list further scopes as needed
The JWT type is used for authorizers such as Cognito or Auth0, which support JWT/OAuth authorization.
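One way to check a manifest for the two gaps described above, a routed function with no authorizer attached and a JWT authorizer missing its issuer or audience (an added example, not part of the project's own tooling). The `[api.functions.<name>]` layout with an `http` key is an assumption, since this page names only `authorizer_id`; the sample manifest is constructed.

```python
SUPPORTED = {"iam", "jwt"}  # the two types the page lists for AWS Lambda/APIGW

def audit(manifest: dict) -> list:
    """Return a list of findings for a parsed service.toml."""
    api = manifest.get("api", {})
    authorizers = api.get("authorizers", {})
    findings = []
    for name, cfg in authorizers.items():
        kind = str(cfg.get("auth_type", "")).lower()
        if kind not in SUPPORTED:
            findings.append(f"authorizer {name}: unsupported auth_type {cfg.get('auth_type')!r}")
        elif kind == "jwt":
            # Inferred from the page: only `scopes` is marked optional.
            for key in ("audience", "issuer"):
                if not cfg.get(key):
                    findings.append(f"authorizer {name}: JWT authorizer missing {key}")
    # ASSUMPTION: functions live in [api.functions.<name>] and declare their
    # public route with an `http` key; only `authorizer_id` is named on the page.
    for name, fn in api.get("functions", {}).items():
        if "http" not in fn:
            continue  # no HTTP route, so nothing for an authorizer to protect
        ref = fn.get("authorizer_id")
        if ref is None:
            findings.append(f"function {name}: HTTP route without authorizer_id (public)")
        elif ref not in authorizers:
            findings.append(f"function {name}: authorizer_id {ref!r} is not defined in api.authorizers")
    return findings

def audit_toml(text: str) -> list:
    import tomllib  # standard library from Python 3.11
    return audit(tomllib.loads(text))

# Constructed sample manifest, not taken from a real service.
SAMPLE = '''
[api.authorizers.iam]
auth_type = "iam"
[api.authorizers.cognito]
auth_type = "JWT"
audience = ["client_id"]
[api.functions.list]
http = { verb = "GET", path = "/items" }
authorizer_id = "iam"
[api.functions.create]
http = { verb = "POST", path = "/items" }
[api.functions.worker]
'''

if __name__ == "__main__":
    print("\n".join(audit_toml(SAMPLE)))
```

Run against the sample, it reports the `cognito` authorizer's missing issuer and the unprotected `create` route; the `worker` function has no route and is not flagged.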
Last modified 20d ago