Authorizer

Last updated 6 months ago

Authorizer

The authorizer section configures the authorization mechanism. ServerlessAPIGateway currently supports JWT (JSON Web Token) based authorization with HS256 algorithm.

Serverless API Gateway now support Auth0. Check its integration .

type: Type of authorization (e.g., JWT).
secret: Secret key for authorization.
algorithm: Algorithm used for token validation.
audience: Intended audience of the token.
issuer: The issuer of the token.

Example

{
    "authorizer": {
        "type": "jwt",
        "secret": "{YOUR_SECRET_KEY}",
        "algorithm": "HS256",
        "audience": "opensourcecommunity",
        "issuer": "serverlessapigw"
    },
}

JWT Error

{
    "error": "Signature verification failed",
    "code": "ERR_JWS_SIGNATURE_VERIFICATION_FAILED"
}

Error Codes and Responses

JOSEAlgNotAllowed

An error returns when a JOSE Algorithm is not allowed per developer preference.

Response

{
    "error": "Algorithm not allowed",
    "code": "ERR_JOSE_ALG_NOT_ALLOWED"
}

JWEDecryptionFailed

An error returns when a JWE ciphertext decryption fails.

Response

{
    "error": "Decryption failed",
    "code": "ERR_JWE_DECRYPTION_FAILED"
}

JWEInvalid

An error returns when the JWE format is invalid.

Response

{
    "error": "Invalid JWE",
    "code": "ERR_JWE_INVALID"
}

JWTExpired

An error returns when a JWT has expired.

Response

{
    "error": "Token has expired.",
    "code": "ERR_JWT_EXPIRED"
}

JWTClaimValidationFailed

An error returns when validation of a JWT claim fails.

Response

{
    "error": "JWT claim validation failed",
    "code": "ERR_JWT_CLAIM_VALIDATION_FAILED"
}

JWTInvalid

An error returns when the JWT is invalid.

Response

{
    "error": "Invalid JWT",
    "code": "ERR_JWT_INVALID"
}

JWKSNoMatchingKey

An error returns when no matching key is found in the JWKS.

Response

{
    "error": "No matching key found in JWKS.",
    "code": "ERR_JWKS_NO_MATCHING_KEY"
}

JWKSInvalid

An error returns when the JWKS is invalid.

Response

{
    "error": "Invalid JWKS",
    "code": "ERR_JWKS_INVALID"
}

JWKSMultipleMatchingKeys

An error returns when multiple matching keys are found in the JWKS.

Response

{
    "error": "Multiple matching keys found in JWKS.",
    "code": "ERR_JWKS_MULTIPLE_MATCHING_KEYS"
}

JWSInvalid

An error thrown when the JWS is invalid.

Response

{
    "error": "Invalid JWS",
    "code": "ERR_JWS_INVALID"
}

JWSSignatureVerificationFailed

An error returns when JWS signature verification fails.

Response

{
    "error": "Signature verification failed",
    "code": "ERR_JWS_SIGNATURE_VERIFICATION_FAILED"
}

JWT Verification Failed

An error thrown for any other JWT verification failures not specifically covered by the other errors.

Response

{
    "error": "JWT verification failed",
    "code": "AUTH_ERROR"
}

PreviousAdd and Remove Prefix NextCORS

Last updated 6 months ago

The authorizer section configures the authorization mechanism. ServerlessAPIGateway currently supports JWT (JSON Web Token) based authorization with HS256 algorithm.

Serverless API Gateway now support Auth0. Check its integration .

type: Type of authorization (e.g., JWT).
secret: Secret key for authorization.
algorithm: Algorithm used for token validation.
audience: Intended audience of the token.
issuer: The issuer of the token.

Example

{
    "authorizer": {
        "type": "jwt",
        "secret": "{YOUR_SECRET_KEY}",
        "algorithm": "HS256",
        "audience": "opensourcecommunity",
        "issuer": "serverlessapigw"
    },
}

JWT Error

Serverless API Gateway uses and error states implemented with its error types. Example response:

{
    "error": "Signature verification failed",
    "code": "ERR_JWS_SIGNATURE_VERIFICATION_FAILED"
}

Error Codes and Responses

JOSEAlgNotAllowed

An error returns when a JOSE Algorithm is not allowed per developer preference.

Response

{
    "error": "Algorithm not allowed",
    "code": "ERR_JOSE_ALG_NOT_ALLOWED"
}

JWEDecryptionFailed

An error returns when a JWE ciphertext decryption fails.

Response

{
    "error": "Decryption failed",
    "code": "ERR_JWE_DECRYPTION_FAILED"
}

JWEInvalid

An error returns when the JWE format is invalid.

Response

{
    "error": "Invalid JWE",
    "code": "ERR_JWE_INVALID"
}

JWTExpired

An error returns when a JWT has expired.

Response

{
    "error": "Token has expired.",
    "code": "ERR_JWT_EXPIRED"
}

JWTClaimValidationFailed

An error returns when validation of a JWT claim fails.

Response

{
    "error": "JWT claim validation failed",
    "code": "ERR_JWT_CLAIM_VALIDATION_FAILED"
}

JWTInvalid

An error returns when the JWT is invalid.

Response

{
    "error": "Invalid JWT",
    "code": "ERR_JWT_INVALID"
}

JWKSNoMatchingKey

An error returns when no matching key is found in the JWKS.

Response

{
    "error": "No matching key found in JWKS.",
    "code": "ERR_JWKS_NO_MATCHING_KEY"
}

JWKSInvalid

An error returns when the JWKS is invalid.

Response

{
    "error": "Invalid JWKS",
    "code": "ERR_JWKS_INVALID"
}

JWKSMultipleMatchingKeys

An error returns when multiple matching keys are found in the JWKS.

Response

{
    "error": "Multiple matching keys found in JWKS.",
    "code": "ERR_JWKS_MULTIPLE_MATCHING_KEYS"
}

JWSInvalid

An error thrown when the JWS is invalid.

Response

{
    "error": "Invalid JWS",
    "code": "ERR_JWS_INVALID"
}

JWSSignatureVerificationFailed

An error returns when JWS signature verification fails.

Response

{
    "error": "Signature verification failed",
    "code": "ERR_JWS_SIGNATURE_VERIFICATION_FAILED"
}

JWT Verification Failed

An error thrown for any other JWT verification failures not specifically covered by the other errors.

Response

{
    "error": "JWT verification failed",
    "code": "AUTH_ERROR"
}