Skip to content

ApiGatewayV2Authorizer

Reference doc for the `sst.aws.ApiGatewayV2Authorizer` component.

The ApiGatewayV2Authorizer component is internally used by the ApiGatewayV2 component to add authorizers to Amazon API Gateway HTTP API.

You’ll find this component returned by the addAuthorizer method of the ApiGatewayV2 component.


Constructor

new ApiGatewayV2Authorizer(name, args, opts?)

Parameters

Properties

id

Type Output<string>

The ID of the authorizer.

nodes

Type Object

The underlying resources this component creates.

nodes.authorizer

Type Authorizer

The API Gateway V2 authorizer.

AuthorizerArgs

api

Type Input<Object>

The API Gateway to use for the route.

api.executionArn

Type Input<string>

The execution ARN of the API Gateway.

api.id

Type Input<string>

The ID of the API Gateway.

api.name

Type Input<string>

The name of the API Gateway.

jwt?

Type Input<Object>

Create a JWT or JSON Web Token authorizer that can be used by the routes.

Configure JWT auth.

{
jwt: {
issuer: "https://issuer.com/",
audiences: ["https://api.example.com"],
identitySource: "$request.header.AccessToken"
}
}

You can also use Cognito as the identity provider.

{
jwt: {
audiences: [userPoolClient.id],
issuer: $interpolate`https://cognito-idp.${aws.getArnOutput(userPool).region}.amazonaws.com/${userPool.id}`,
}
}

Where userPool and userPoolClient are:

const userPool = new aws.cognito.UserPool();
const userPoolClient = new aws.cognito.UserPoolClient();

jwt.audiences

Type Input<Input<string>[]>

List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.

jwt.identitySource?

Type Input<string>

Default “$request.header.Authorization”

Specifies where to extract the JWT from the request.

jwt.issuer

Type Input<string>

Base domain of the identity provider that issues JSON Web Tokens.

{
issuer: "https://issuer.com/"
}

lambda?

Type Input<Object>

Create a Lambda authorizer that can be used by the routes.

Configure Lambda auth.

{
lambda: {
function: "src/authorizer.index"
}
}

lambda.function

Type Input<string | FunctionArgs>

The Lambda authorizer function. Takes the handler path or the function args.

Add a simple authorizer.

{
function: "src/authorizer.index"
}

Customize the authorizer handler.

{
function: {
handler: "src/authorizer.index",
memory: "2048 MB"
}
}

lambda.identitySources?

Type Input<Input<string>[]>

Default [“$request.header.Authorization”]

Specifies where to extract the identity from.

{
identitySources: ["$request.header.RequestToken"]
}

lambda.payload?

Type Input<1.0 | 2.0>

Default “2.0”

The JWT payload version.

{
payload: "2.0"
}

lambda.response?

Type Input<simple | iam>

Default “simple”

The response type.

{
response: "iam"
}

lambda.ttl?

Type Input<${number} minute | ${number} minutes | ${number} hour | ${number} hours | ${number} second | ${number} seconds>

Default Not cached

The time to live (TTL) for the authorizer.

{
ttl: "300 seconds"
}

name

Type string

The name of the authorizer.

{
name: "myAuthorizer"
}

transform?

Type Object

Transform how this component creates its underlying resources.

transform.authorizer?

Type AuthorizerArgs | (args: AuthorizerArgs, opts: ComponentResourceOptions, name: string) => void

Transform the API Gateway authorizer resource.