Class TokenAuthorizerProps

Namespace

Amazon.CDK.AWS.APIGateway

Assembly

Amazon.CDK.AWS.APIGateway.dll

Properties for TokenAuthorizer.

public class TokenAuthorizerProps : ITokenAuthorizerProps, ILambdaAuthorizerProps

Inheritance

object

TokenAuthorizerProps

Implements

ITokenAuthorizerProps

ILambdaAuthorizerProps

Inherited Members

object.GetType()

object.MemberwiseClone()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Examples

Function authFn;
            Resource books;


            var auth = new TokenAuthorizer(this, "booksAuthorizer", new TokenAuthorizerProps {
                Handler = authFn
            });

            books.AddMethod("GET", new HttpIntegration("http://amazon.com"), new MethodOptions {
                Authorizer = auth
            });

Remarks

ExampleMetadata: infused

Constructors

TokenAuthorizerProps()

public TokenAuthorizerProps()

Properties

AssumeRole

An optional IAM role for APIGateway to assume before calling the Lambda-based authorizer.

public IRole? AssumeRole { get; set; }

Property Value

IRole

Remarks

The IAM role must be assumable by 'apigateway.amazonaws.com'.

Default: - A resource policy is added to the Lambda function allowing apigateway.amazonaws.com to invoke the function.

AuthorizerName

An optional human friendly name for the authorizer.

public string? AuthorizerName { get; set; }

Property Value

string

Remarks

Note that, this is not the primary identifier of the authorizer.

Default: - the unique construcrt ID

Handler

The handler for the authorizer lambda function.

public IFunction Handler { get; set; }

Property Value

IFunction

Remarks

The handler must follow a very specific protocol on the input it receives and the output it needs to produce. API Gateway has documented the handler's input specification {@link https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-input.html | here} and output specification {@link https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html | here}.

IdentitySource

The request header mapping expression for the bearer token.

public string? IdentitySource { get; set; }

Property Value

string

Remarks

This is typically passed as part of the header, in which case this should be method.request.header.Authorizer where Authorizer is the header containing the bearer token.

Default: IdentitySource.header('Authorization')

See: https://docs.aws.amazon.com/apigateway/api-reference/link-relation/authorizer-create/#identitySource

ResultsCacheTtl

How long APIGateway should cache the results.

public Duration? ResultsCacheTtl { get; set; }

Property Value

Duration

Remarks

Max 1 hour. Disable caching by setting this to 0.

Default: Duration.minutes(5)

ValidationRegex

An optional regex to be matched against the authorization token.

public string? ValidationRegex { get; set; }

Property Value

string

Remarks

When matched the authorizer lambda is invoked, otherwise a 401 Unauthorized is returned to the client.

Default: - no regex filter will be applied.