Authorizer
The authorizer section configures the authorization mechanism. ServerlessAPIGateway currently supports JWT (JSON Web Token) based authorization with the HS256 algorithm.
Serverless API Gateway now supports Auth0. See its integration page.
type: Type of authorization (e.g., JWT).
secret: Secret key for authorization.
algorithm: Algorithm used for token validation.
audience: Intended audience of the token.
issuer: The issuer of the token.
Example
{
  "authorizer": {
    "type": "jwt",
    "secret": "{YOUR_SECRET_KEY}",
    "algorithm": "HS256",
    "audience": "opensourcecommunity",
    "issuer": "serverlessapigw"
  }
}
JWT Error
Serverless API Gateway uses JOSE for JWT handling, and its error states are implemented with JOSE's error types. Example response:
{
"error": "Signature verification failed",
"code": "ERR_JWS_SIGNATURE_VERIFICATION_FAILED"
}
Error Codes and Responses
JOSEAlgNotAllowed
Returned when a JOSE algorithm is not allowed per developer preference.
Response
{
"error": "Algorithm not allowed",
"code": "ERR_JOSE_ALG_NOT_ALLOWED"
}
JWEDecryptionFailed
Returned when decryption of a JWE ciphertext fails.
Response
{
"error": "Decryption failed",
"code": "ERR_JWE_DECRYPTION_FAILED"
}
JWEInvalid
Returned when the JWE format is invalid.
Response
{
"error": "Invalid JWE",
"code": "ERR_JWE_INVALID"
}
JWTExpired
Returned when a JWT has expired.
Response
{
"error": "Token has expired.",
"code": "ERR_JWT_EXPIRED"
}
JWTClaimValidationFailed
Returned when validation of a JWT claim fails.
Response
{
"error": "JWT claim validation failed",
"code": "ERR_JWT_CLAIM_VALIDATION_FAILED"
}
JWTInvalid
Returned when the JWT is invalid.
Response
{
"error": "Invalid JWT",
"code": "ERR_JWT_INVALID"
}
JWKSNoMatchingKey
Returned when no matching key is found in the JWKS.
Response
{
"error": "No matching key found in JWKS.",
"code": "ERR_JWKS_NO_MATCHING_KEY"
}
JWKSInvalid
Returned when the JWKS is invalid.
Response
{
"error": "Invalid JWKS",
"code": "ERR_JWKS_INVALID"
}
JWKSMultipleMatchingKeys
Returned when multiple matching keys are found in the JWKS.
Response
{
"error": "Multiple matching keys found in JWKS.",
"code": "ERR_JWKS_MULTIPLE_MATCHING_KEYS"
}
JWSInvalid
Returned when the JWS is invalid.
Response
{
"error": "Invalid JWS",
"code": "ERR_JWS_INVALID"
}
JWSSignatureVerificationFailed
Returned when JWS signature verification fails.
Response
{
"error": "Signature verification failed",
"code": "ERR_JWS_SIGNATURE_VERIFICATION_FAILED"
}
JWT Verification Failed
Returned for any other JWT verification failure not specifically covered by the errors above.
Response
{
"error": "JWT verification failed",
"code": "AUTH_ERROR"
}
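The checks that the authorizer configuration above implies, as an added sketch that is not the gateway's or JOSE's own code. It uses only Node's built-in crypto, a constructed demo secret, and the hypothetical helpers sign and verify; which code is returned for each failure is an assumption based on the descriptions above.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed config mirroring the page's example; the secret is a demo value (assumption).
const authorizer = { type: "jwt", secret: "demo-secret-not-for-production",
  algorithm: "HS256", audience: "opensourcecommunity", issuer: "serverlessapigw" };

const b64url = (v) => Buffer.from(v).toString("base64url");
const hmac = (secret, data) => createHmac("sha256", secret).update(data).digest();
const fail = (error, code) => ({ ok: false, error, code });

// Hypothetical helper that mints constructed test tokens (not part of the gateway).
function sign(header, payload, secret) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${hmac(secret, input).toString("base64url")}`;
}

// Hypothetical verifier: algorithm pin, signature, then claims, in that order.
function verify(token, cfg, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return fail("Invalid JWT", "ERR_JWT_INVALID");
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return fail("Invalid JWT", "ERR_JWT_INVALID"); }
  if (!header || !payload || typeof payload !== "object") return fail("Invalid JWT", "ERR_JWT_INVALID");
  // Pin the algorithm to the configured value; the token's own "alg" is never trusted.
  if (header.alg !== cfg.algorithm) return fail("Algorithm not allowed", "ERR_JOSE_ALG_NOT_ALLOWED");
  const expected = hmac(cfg.secret, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], "base64url");
  // Constant-time compare; the length check keeps timingSafeEqual from throwing.
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    return fail("Signature verification failed", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
  // Claims are evaluated only after the signature is known to be good.
  const aud = [].concat(payload.aud ?? []);
  if (payload.iss !== cfg.issuer || !aud.includes(cfg.audience))
    return fail("JWT claim validation failed", "ERR_JWT_CLAIM_VALIDATION_FAILED");
  if (typeof payload.exp === "number" && payload.exp <= now)
    return fail("Token has expired.", "ERR_JWT_EXPIRED");
  return { ok: true, payload };
}
```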