OAuth2Authorizer

Definition for an OAuth 2.0 authorizer, also known to as a JSON Web Token (JWT) authorizer.

For more information, see Controlling access to HTTP APIs with JWT authorizers in the API Gateway Developer Guide.

Syntax

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

YAML


  AuthorizationScopes: List
  IdentitySource: String
  JwtConfiguration: Map

Properties

AuthorizationScopes

List of authorization scopes for this authorizer.

Type: List

Required: No

CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

IdentitySource

Identity source expression for this authorizer.

Type: String

Required: No

CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

JwtConfiguration

JWT configuration for this authorizer.

This is passed through to the jwtConfiguration section of an x-amazon-apigateway-authorizer in the securitySchemes section of an OpenAPI definition.

Note

Properties issuer and audience are case insensitive and can be used either lowercase as in OpenAPI or uppercase Issuer and Audience as in AWS::ApiGatewayV2::Authorizer.

Type: Map

Required: No

CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

Examples

OAuth 2.0 authorizer

OAuth 2.0 authorizer Example

YAML


Auth:
  Authorizers:
    OAuth2Authorizer:
      AuthorizationScopes:
        - scope1
      JwtConfiguration:
        issuer: "https://www.example.com/v1/connect/oauth2"
        audience:
          - MyApi
      IdentitySource: "$request.querystring.param"
  DefaultAuthorizer: OAuth2Authorizer

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

LambdaAuthorizationIdentity

HttpApiCorsConfiguration