Using JWT Authorizers
caution
AWS supports JWT authorizers for HTTP APIs and not REST APIs on the API Gateway service. For REST APIs follow the Lambda authorizer guide
#
1) Update the backend configUpdate the backend config, created here, to enable the JWT feature.
config.ts
import Session from 'supertokens-node/recipe/session'import SuperTokensTypes from 'supertokens-node/types';
function getBackendConfig(): SuperTokensTypes.TypeInput { return { framework: "awsLambda", supertokens: { connectionURI: "..." }, appInfo: { apiDomain: "...", appName: "...", websiteDomain: "..." }, recipeList: [ Session.init({ jwt: { enable: true, }, override: { functions: function (originalImplementation) { return { ...originalImplementation, createNewSession: async function (input) { input.accessTokenPayload = { ...input.accessTokenPayload, /* * AWS requires JWTs to contain an audience (aud) claim * The value for this claim should be the same * as the value you set when creating the * authorizer */ aud: "jwtAuthorizers", };
return originalImplementation.createNewSession(input); }, }; } }, }), ], isInServerlessEnv: true, }}
module.exports.getBackendConfig = getBackendConfig;
#
2) Configure your authorizer- Go to the "Authorizers" tab in the API Gateway configuration and select the "Manage authorizers" tab
- Click "Create", in the creation screen select "JWT" as the "Authorizer type"
- Enter a name for your authorizer (You can enter any name for this field)
- Use
$request.header.Authorization
for the "Identity source". This means that API requests will contain the JWT as a Bearer token under the request header "Authorization". - Use
{apiDomain}/{apiGatewayPath}/{apiBasePath}
for the "Issuer URL", read here to know more - Set a value for the "Audience" field, this will be the value you expect the JWT to have under the
aud
claim. In the backend config above the value is set to"jwtAuthorizers"
#
3) Add the authorizer to your API- In the "Authorization" section select the "Attach authorizers to routes" tab
- Click on the route you want to add the authorizer to and select the authorizer you created from the dropdown
- Click "Attach authorizer"
- Deploy your changes and test your API