# Authorizer

The `authorizer` section configures the authorization mechanism. ServerlessAPIGateway currently supports JWT (JSON Web Token) based authorization with the HS256 algorithm.

> Serverless API Gateway now supports Auth0. See its integration [page](https://docs.serverlessapigateway.com/configuration/auth0).

* `type`: Type of authorization (e.g., `jwt`).
* `secret`: Secret key used to verify the token signature.
* `algorithm`: Algorithm the token must be signed with (e.g., `HS256`).
* `audience`: Intended audience of the token (the `aud` claim).
* `issuer`: The issuer of the token (the `iss` claim).

**Example**

```json
{
    "authorizer": {
        "type": "jwt",
        "secret": "{YOUR_SECRET_KEY}",
        "algorithm": "HS256",
        "audience": "opensourcecommunity",
        "issuer": "serverlessapigw"
    }
}
```

### JWT Error

Serverless API Gateway uses [JOSE JWT](https://github.com/panva/jose), and its error states are implemented with that library's error types. Example response:

```json
{
    "error": "Signature verification failed",
    "code": "ERR_JWS_SIGNATURE_VERIFICATION_FAILED"
}
```

### Error Codes and Responses

#### JOSEAlgNotAllowed

Returned when a JOSE algorithm is not allowed per developer preference.

**Response**

```json
{
    "error": "Algorithm not allowed",
    "code": "ERR_JOSE_ALG_NOT_ALLOWED"
}
```

#### JWEDecryptionFailed

Returned when a JWE ciphertext decryption fails.

**Response**

```json
{
    "error": "Decryption failed",
    "code": "ERR_JWE_DECRYPTION_FAILED"
}
```

#### JWEInvalid

Returned when the JWE format is invalid.

**Response**

```json
{
    "error": "Invalid JWE",
    "code": "ERR_JWE_INVALID"
}
```

#### JWTExpired

Returned when a JWT has expired.

**Response**

```json
{
    "error": "Token has expired.",
    "code": "ERR_JWT_EXPIRED"
}
```

#### JWTClaimValidationFailed

Returned when validation of a JWT claim fails.

**Response**

```json
{
    "error": "JWT claim validation failed",
    "code": "ERR_JWT_CLAIM_VALIDATION_FAILED"
}
```

#### JWTInvalid

Returned when the JWT is invalid.

**Response**

```json
{
    "error": "Invalid JWT",
    "code": "ERR_JWT_INVALID"
}
```

#### JWKSNoMatchingKey

Returned when no matching key is found in the JWKS.

**Response**

```json
{
    "error": "No matching key found in JWKS.",
    "code": "ERR_JWKS_NO_MATCHING_KEY"
}
```

#### JWKSInvalid

Returned when the JWKS is invalid.

**Response**

```json
{
    "error": "Invalid JWKS",
    "code": "ERR_JWKS_INVALID"
}
```

#### JWKSMultipleMatchingKeys

Returned when multiple matching keys are found in the JWKS.

**Response**

```json
{
    "error": "Multiple matching keys found in JWKS.",
    "code": "ERR_JWKS_MULTIPLE_MATCHING_KEYS"
}
```

#### JWSInvalid

Returned when the JWS is invalid.

**Response**

```json
{
    "error": "Invalid JWS",
    "code": "ERR_JWS_INVALID"
}
```

#### JWSSignatureVerificationFailed

Returned when JWS signature verification fails.

**Response**

```json
{
    "error": "Signature verification failed",
    "code": "ERR_JWS_SIGNATURE_VERIFICATION_FAILED"
}
```

#### JWT Verification Failed

Returned for any other JWT verification failure not specifically covered by the errors above.

**Response**

```json
{
    "error": "JWT verification failed",
    "code": "AUTH_ERROR"
}
```
