Class: AWSCDK::APIGateway::TokenAuthorizer

Inherits:
Authorizer
  • Object
show all
Includes:
IAuthorizer
Defined in:
api_gateway/token_authorizer.rb

Overview

Token based lambda authorizer that recognizes the caller's identity as a bearer token, such as a JSON Web Token (JWT) or an OAuth token.

Based on the token, authorization is performed by a lambda function.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(scope, id, props) ⇒ TokenAuthorizer

Returns a new instance of TokenAuthorizer.

Parameters:



14
15
16
17
18
19
20
# File 'api_gateway/token_authorizer.rb', line 14

def initialize(scope, id, props)
  props = props.is_a?(Hash) ? ::AWSCDK::APIGateway::TokenAuthorizerProps.new(**props.transform_keys(&:to_sym)) : props
  Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope")
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfYXBpZ2F0ZXdheS5Ub2tlbkF1dGhvcml6ZXJQcm9wcyJ9")), "props")
  Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props)
end

Class Method Details

.jsii_overridable_methodsObject



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# File 'api_gateway/token_authorizer.rb', line 22

def self.jsii_overridable_methods
  {
    :node => { kind: :property, name: "node", is_optional: false },
    :env => { kind: :property, name: "env", is_optional: false },
    :physical_name => { kind: :property, name: "physicalName", is_optional: false },
    :stack => { kind: :property, name: "stack", is_optional: false },
    :authorizer_id => { kind: :property, name: "authorizerId", is_optional: false },
    :authorization_type => { kind: :property, name: "authorizationType", is_optional: true },
    :authorizer_arn => { kind: :property, name: "authorizerArn", is_optional: false },
    :authorizer_props => { kind: :property, name: "authorizerProps", is_optional: false },
    :handler => { kind: :property, name: "handler", is_optional: false },
    :role => { kind: :property, name: "role", is_optional: true },
    :rest_api_id => { kind: :property, name: "restApiId", is_optional: true },
    :to_string => { kind: :method, name: "toString", is_optional: false },
    :with => { kind: :method, name: "with", is_optional: false },
    :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false },
    :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false },
    :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false },
    :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false },
    :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false },
    :lazy_rest_api_id => { kind: :method, name: "lazyRestApiId", is_optional: false },
    :setup_permissions => { kind: :method, name: "setupPermissions", is_optional: false },
  }
end

.PROPERTY_INJECTION_IDString

Uniquely identifies this class.

Returns:

  • (String)


107
108
109
# File 'api_gateway/token_authorizer.rb', line 107

def self.PROPERTY_INJECTION_ID()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_apigateway.TokenAuthorizer", "PROPERTY_INJECTION_ID")
end

Instance Method Details

#apply_cross_stack_reference_strength(strength) ⇒ void

This method returns an undefined value.

Override the cross-stack reference strength for this resource.

When set, any cross-stack reference to this resource will use the specified mechanism instead of the global default determined by the @aws-cdk/core:defaultCrossStackReferences context key. This is useful for selectively weakening specific references to avoid the "deadly embrace" problem without changing the app-wide default.

Parameters:



180
181
182
183
# File 'api_gateway/token_authorizer.rb', line 180

def apply_cross_stack_reference_strength(strength)
  Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength")
  jsii_call_method("applyCrossStackReferenceStrength", [strength])
end

#apply_removal_policy(policy) ⇒ void

This method returns an undefined value.

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:



197
198
199
200
# File 'api_gateway/token_authorizer.rb', line 197

def apply_removal_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy")
  jsii_call_method("applyRemovalPolicy", [policy])
end

#authorization_typeAWSCDK::APIGateway::AuthorizationType?

The authorization type of this authorizer.



100
101
102
# File 'api_gateway/token_authorizer.rb', line 100

def authorization_type()
  jsii_get_property("authorizationType")
end

#authorizer_arnString

The ARN of the authorizer to be used in permission policies, such as IAM and resource-based grants.

Returns:

  • (String)


114
115
116
# File 'api_gateway/token_authorizer.rb', line 114

def authorizer_arn()
  jsii_get_property("authorizerArn")
end

#authorizer_idString

The id of the authorizer.

Returns:

  • (String)


93
94
95
# File 'api_gateway/token_authorizer.rb', line 93

def authorizer_id()
  jsii_get_property("authorizerId")
end

#authorizer_propsAWSCDK::APIGateway::CfnAuthorizerProps



119
120
121
# File 'api_gateway/token_authorizer.rb', line 119

def authorizer_props()
  jsii_get_property("authorizerProps")
end

#envAWSCDK::Interfaces::ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.

For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.



65
66
67
# File 'api_gateway/token_authorizer.rb', line 65

def env()
  jsii_get_property("env")
end

#generate_physical_nameString

Returns:

  • (String)


203
204
205
# File 'api_gateway/token_authorizer.rb', line 203

def generate_physical_name()
  jsii_call_method("generatePhysicalName", [])
end

#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String

Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).

Normally, this token will resolve to arn_attr, but if the resource is referenced across environments, arn_components will be used to synthesize a concrete ARN with the resource's physical name. Make sure to reference this.physicalName in arn_components.

Parameters:

  • arn_attr (String)

    The CFN attribute which resolves to the ARN of the resource.

  • arn_components (AWSCDK::ARNComponents)

    The format of the ARN of this resource.

Returns:

  • (String)


217
218
219
220
221
222
# File 'api_gateway/token_authorizer.rb', line 217

def get_resource_arn_attribute(arn_attr, arn_components)
  Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr")
  arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components
  Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents")
  jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components])
end

#get_resource_name_attribute(name_attr) ⇒ String

Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).

Normally, this token will resolve to name_attr, but if the resource is referenced across environments, it will be resolved to this.physicalName, which will be a concrete name.

Parameters:

  • name_attr (String)

    The CFN attribute which resolves to the resource's name.

Returns:

  • (String)


232
233
234
235
# File 'api_gateway/token_authorizer.rb', line 232

def get_resource_name_attribute(name_attr)
  Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr")
  jsii_call_method("getResourceNameAttribute", [name_attr])
end

#handlerAWSCDK::Lambda::IFunction

The Lambda function handler that this authorizer uses.



126
127
128
# File 'api_gateway/token_authorizer.rb', line 126

def handler()
  jsii_get_property("handler")
end

#lazy_rest_api_idString

Returns a token that resolves to the Rest Api Id at the time of synthesis.

Throws an error, during token resolution, if no RestApi is attached to this authorizer.

Returns:

  • (String)


242
243
244
# File 'api_gateway/token_authorizer.rb', line 242

def lazy_rest_api_id()
  jsii_call_method("lazyRestApiId", [])
end

#nodeConstructs::Node

The tree node.

Returns:

  • (Constructs::Node)


50
51
52
# File 'api_gateway/token_authorizer.rb', line 50

def node()
  jsii_get_property("node")
end

#physical_nameString

Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.

This value will resolve to one of the following:

  • a concrete value (e.g. "my-awesome-bucket")
  • undefined, when a name should be generated by CloudFormation
  • a concrete name generated automatically during synthesis, in cross-environment scenarios.

Returns:

  • (String)


79
80
81
# File 'api_gateway/token_authorizer.rb', line 79

def physical_name()
  jsii_get_property("physicalName")
end

#rest_api_idString?

Returns:

  • (String, nil)


138
139
140
# File 'api_gateway/token_authorizer.rb', line 138

def rest_api_id()
  jsii_get_property("restApiId")
end

#rest_api_id=(value) ⇒ Object



142
143
144
145
# File 'api_gateway/token_authorizer.rb', line 142

def rest_api_id=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "restApiId") unless value.nil?
  jsii_set_property("restApiId", value)
end

#roleAWSCDK::IAM::IRole?

The IAM role that the API Gateway service assumes while invoking the Lambda function.

Returns:



133
134
135
# File 'api_gateway/token_authorizer.rb', line 133

def role()
  jsii_get_property("role")
end

#setup_permissionsvoid

This method returns an undefined value.

Sets up the permissions necessary for the API Gateway service to invoke the Lambda function.



249
250
251
# File 'api_gateway/token_authorizer.rb', line 249

def setup_permissions()
  jsii_call_method("setupPermissions", [])
end

#stackAWSCDK::Stack

The stack in which this resource is defined.

Returns:



86
87
88
# File 'api_gateway/token_authorizer.rb', line 86

def stack()
  jsii_get_property("stack")
end

#to_stringString

Returns a string representation of this construct.

Returns:

  • (String)


150
151
152
# File 'api_gateway/token_authorizer.rb', line 150

def to_string()
  jsii_call_method("toString", [])
end

#with(*mixins) ⇒ Constructs::IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited. Use multiple with() calls if subsequent mixins should apply to added constructs.

Parameters:

  • mixins (Array<Constructs::IMixin>)

Returns:

  • (Constructs::IConstruct)


163
164
165
166
167
168
# File 'api_gateway/token_authorizer.rb', line 163

def with(*mixins)
  mixins.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]")
  end
  jsii_call_method("with", [*mixins])
end