-
Notifications
You must be signed in to change notification settings - Fork 2
How To Fork It
Chris/0 edited this page Jan 24, 2019
·
1 revision
Whether by git submodule or by straight-up fork, the code for the authorizer can be integrated into your own projects.
The function requires two environment variables to be present:
-
AUDIENCEis the API for which authentication is intended. This is set tohttps://api.cimpress.io/for Cimpress MCP. -
AUTHORITYis the base URI at which the authentication provider's JWKS can be found. This is set tohttps://cimpress.auth0.com/for Cimpress MCP.
The forked authorizer can be configured via SAM or Serverless templates. [SAM]: https://github.com/awslabs/serverless-application-model
An example Serverless template is very similar to the template for accessing the authorizer via ARN:
…
custom:
<<: &authorizer # This can be repetitive if you have many functions, so use the YAML "anchor" feature.
name: authorize
identityValidationExpression: ^Bearer +[-0-9a-zA-Z\._]*$
functions:
routeRequest:
handler: handler.routeRequest
events:
- http:
path: routeRequest
method: POST
authorizer: *authorizer
authorize:
handler: authorizer.default
description: Authenticates requests to the Cimpress Mass Customization Platform.
environment:
AUDIENCE: https://api.cimpress.io/
AUTHORITY: https://cimpress.auth0.com/
resources:
Resources:
AuthFailureGatewayResponse:
Type: AWS::ApiGateway::GatewayResponse
Properties:
StatusCode: '401'
ResponseType: UNAUTHORIZED
ResponseTemplates:
application/json: >
{"message":$context.error.messageString}
ResponseParameters:
gatewayresponse.header.WWW-Authenticate: >-
'Bearer realm="https://api.cimpress.io/", authorization_uri="https://cimpress.auth0.com/oauth/token"'
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Expose-Headers: "'WWW-Authenticate'"
RestApiId:
Ref: 'ApiGatewayRestApi'
…