serverless-cloudside-plugin icon indicating copy to clipboard operation
serverless-cloudside-plugin copied to clipboard

Published 20 hours ago verified publisher icon jeremydaly

Enhancement: Transform cloudformation in http api authorizers

Open Ankcorn opened this issue 4 years ago • 1 comments

Transforming any cloud formation referenced in the custom authorizers section would help with building ephemeral authenticated API's. I think if this plugin looped through the authorizers array the same way it did the functions it could support this.

httpApi:
    payload: "2.0"
    authorizers:
      Authorizer:
        identitySource: $request.header.Authorization
        issuerUrl: !GetAtt UserPool.ProviderURL
        audience: !Ref UserPoolClient

I'm working on an over-engineered boilerplate and am trying to get everything working both locally and in the cloud

https://github.com/Ankcorn/serverless-fullstack-example-app

run npm i && serverless deploy --stage local && npm start

The jwt is from the wrong issuer when requests go react app -> serverless offline backend because the issuer is

{
   authorizerName: 'Authorizer',
   name: 'Authorizer',
   identitySource: '$request.header.Authorization',
   issuerUrl: { 'Fn::GetAtt': [ 'UserPool', 'ProviderURL' ] },
   audience: { Ref: 'UserPoolClient' }
}

Ankcorn avatar Aug 26 '20 11:08 Ankcorn

I have made a start on this.

I see the current GetAtt support is limited so I am planning to add support to generate providerURLs.

I modified the function signature of parseEnvs to this so I can assign the authorizer URLs back to the right place

const parseEnvs = ({ envs = {}, fn, authorizer })

if you can think of a nicer way shout! 🐱

Ankcorn avatar Aug 26 '20 20:08 Ankcorn