CognitoAuthorizer provides the definition for a Cognito User Pools Authorizer for API Gateway.

interface CognitoAuthorizer {
    authorizerName?: string;
    authorizerResultTtlInSeconds?: number;
    identitySource: string[];
    identityValidationExpression?: string;
    methodsToAuthorize?: string[];
    parameterName: string;
    providerARNs: any[];
}

Properties

authorizerName?: string

The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.

authorizerResultTtlInSeconds?: number

The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.

identitySource: string[]

List containing the request header that holds the authorization token. Example: if the token header is Auth the identity source would be ["method.request.header.Auth"]

identityValidationExpression?: string

A regular expression for validating the token as the incoming identity. It only invokes the authorizer if there is a match, else it will return a 401. Example: "^x-[a-z]+"

methodsToAuthorize?: string[]

For method authorization, you can define resource servers and custom scopes by specifying the "resource-server/scope". e.g. ["com.hamuta.movies/drama.view", "http://my.resource.com/file.read"] For more information on resource servers and custom scopes visit the AWS documentation - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html

parameterName: string

parameterName is the name of the header containing the authorization token.

providerARNs: any[]

The ARNs of the Cognito User Pools to use.

Generated using TypeDoc