Class TokenAuthorizerProps
Properties for TokenAuthorizer.
Inheritance
Namespace: Amazon.CDK.AWS.APIGateway
Assembly: Amazon.CDK.AWS.APIGateway.dll
Syntax (csharp)
public class TokenAuthorizerProps : Object, ITokenAuthorizerProps, ILambdaAuthorizerProps
Syntax (vb)
Public Class TokenAuthorizerProps
Inherits Object
Implements ITokenAuthorizerProps, ILambdaAuthorizerProps
Remarks
ExampleMetadata: infused
Examples
Function authFn;
Resource books;
var auth = new TokenAuthorizer(this, "booksAuthorizer", new TokenAuthorizerProps {
Handler = authFn
});
books.AddMethod("GET", new HttpIntegration("http://amazon.com"), new MethodOptions {
Authorizer = auth
});
Synopsis
Constructors
TokenAuthorizerProps() |
Properties
AssumeRole | An optional IAM role for APIGateway to assume before calling the Lambda-based authorizer. |
AuthorizerName | An optional human friendly name for the authorizer. |
Handler | The handler for the authorizer lambda function. |
IdentitySource | The request header mapping expression for the bearer token. |
ResultsCacheTtl | How long APIGateway should cache the results. |
ValidationRegex | An optional regex to be matched against the authorization token. |
Constructors
TokenAuthorizerProps()
public TokenAuthorizerProps()
Properties
AssumeRole
An optional IAM role for APIGateway to assume before calling the Lambda-based authorizer.
public IRole AssumeRole { get; set; }
Property Value
Remarks
The IAM role must be assumable by 'apigateway.amazonaws.com'.
Default: - A resource policy is added to the Lambda function allowing apigateway.amazonaws.com to invoke the function.
AuthorizerName
An optional human friendly name for the authorizer.
public string AuthorizerName { get; set; }
Property Value
System.String
Remarks
Note that, this is not the primary identifier of the authorizer.
Default: - the unique construcrt ID
Handler
The handler for the authorizer lambda function.
public IFunction Handler { get; set; }
Property Value
Remarks
The handler must follow a very specific protocol on the input it receives and the output it needs to produce. API Gateway has documented the handler's input specification {@link https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-input.html | here} and output specification {@link https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html | here}.
IdentitySource
The request header mapping expression for the bearer token.
public string IdentitySource { get; set; }
Property Value
System.String
Remarks
This is typically passed as part of the header, in which case
this should be method.request.header.Authorizer
where Authorizer is the header containing the bearer token.
Default: IdentitySource.header('Authorization')
See: https://docs.aws.amazon.com/apigateway/api-reference/link-relation/authorizer-create/#identitySource
ResultsCacheTtl
How long APIGateway should cache the results.
public Duration ResultsCacheTtl { get; set; }
Property Value
Remarks
Max 1 hour. Disable caching by setting this to 0.
Default: Duration.minutes(5)
ValidationRegex
An optional regex to be matched against the authorization token.
public string ValidationRegex { get; set; }
Property Value
System.String
Remarks
When matched the authorizer lambda is invoked, otherwise a 401 Unauthorized is returned to the client.
Default: - no regex filter will be applied.