Authorizer
The authorizer section configures the authorization mechanism. Serverless API Gateway currently supports JWT (JSON Web Token) based authorization with the HS256 algorithm.
Serverless API Gateway now supports Auth0. Check its integration.
type: Type of authorization (e.g., JWT).
secret: Secret key for authorization.
algorithm: Algorithm used for token validation.
audience: Intended audience of the token.
issuer: The issuer of the token.
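How a gateway can apply these settings when validating an HS256 token, and how several of the failure cases this page lists arise, as an added example that is not Serverless API Gateway's own code. It uses Node's built-in crypto module; the `sign`, `verify` and `check` helpers, the error code strings and the sample `cfg` values are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed sample settings mirroring the authorizer fields above.
const cfg = { type: 'jwt', secret: 'constructed-demo-secret', algorithm: 'HS256',
              audience: 'demo-audience', issuer: 'demo-issuer' };

const b64url = (s) => Buffer.from(s).toString('base64url');
const fail = (code) => { throw Object.assign(new Error(code), { code }); };

// Demo helper (hypothetical): mint a token whose signature is HMAC-SHA256.
function sign(claims, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${createHmac('sha256', secret).update(input).digest('base64url')}`;
}

// Returns the claims, or throws an Error whose `code` names the failed check.
function verify(token, conf, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) fail('jwt_invalid');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch { fail('jwt_invalid'); }
  if (!header || !claims || typeof header !== 'object' || typeof claims !== 'object') {
    fail('jwt_invalid');
  }
  // Pin the algorithm from configuration; the token's header is untrusted input.
  if (conf.algorithm !== 'HS256' || header.alg !== conf.algorithm) fail('alg_not_allowed');
  // Recompute the MAC over header.payload and compare in constant time.
  const expected = Buffer.from(
    createHmac('sha256', conf.secret).update(`${parts[0]}.${parts[1]}`).digest('base64url'));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    fail('signature_verification_failed');
  }
  // Claims are only inspected after the signature has been verified.
  if (typeof claims.exp === 'number' && claims.exp <= now) fail('jwt_expired');
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (claims.iss !== conf.issuer || !aud.includes(conf.audience)) fail('claim_validation_failed');
  return claims;
}

// Returns 'ok' or the code of the check that rejected the token.
function check(token, now) {
  try { verify(token, cfg, now); return 'ok'; } catch (e) { return e.code; }
}
```

The algorithm check runs before the signature check so that a token declaring `none` or an unexpected algorithm is rejected without its signature ever being evaluated.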
Example
An error is returned when a JOSE algorithm is not allowed per developer preference.
Response
An error is returned when a JWE ciphertext decryption fails.
Response
An error is returned when the JWE format is invalid.
Response
An error is returned when a JWT has expired.
Response
An error is returned when validation of a JWT claim fails.
Response
An error is returned when the JWT is invalid.
Response
An error is returned when no matching key is found in the JWKS.
Response
An error is returned when the JWKS is invalid.
Response
An error is returned when multiple matching keys are found in the JWKS.
Response
An error is thrown when the JWS is invalid.
Response
An error is returned when JWS signature verification fails.
Response
An error is thrown for any other JWT verification failures not specifically covered by the other errors.
Response
Serverless API Gateway uses and error states implemented with its error types. Example response: