sls-auth0-authorizer

Auth0 Serverless Authorizer

This is an API Gateway Lambda custom authorizer that authenticates with Auth0.

It provides both a ready-to-use authorizer and libraries for writing your own custom authorizers using Auth0.

Conventions

If the provided defaultAuthorizer is used for an API, the following conventions are used:

  • All URLs starting with /user/{userId}/... are allowed only to the user with the given userId (where userId is the value of the Auth0 user's user_id field) or to users in the Admin authorization group (see the Auth0 Authorization Extension)
  • All URLs starting with /admin/... are allowed only to users in the Admin authorization group
  • All other URLs are allowed only to logged-in users
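
The three conventions above as a pure decision function, written as an added example (not the project's code). It assumes the token has already been verified and that its payload exposes `sub` as the user_id and a `groups` array; the function names, the claim shape and the fail-closed handling of dot segments and encoded slashes are assumptions of this example.

```javascript
// Added example: the path conventions as a pure Allow/Deny decision.
// Assumed claim shape (not from the project): { sub: string, groups: string[] }.
const ADMIN_GROUP = 'Admin';

// Split a request path into decoded segments, rejecting anything ambiguous
// so the authorizer and the backend cannot disagree about the resource.
function pathSegments(path) {
  if (typeof path !== 'string' || !path.startsWith('/')) return null;
  const segments = [];
  for (const raw of path.split('?')[0].split('/').slice(1)) {
    let seg;
    try {
      seg = decodeURIComponent(raw);
    } catch (e) {
      return null; // malformed percent-encoding
    }
    // Dot segments and encoded slashes could re-route the request after the check.
    if (seg === '.' || seg === '..' || seg.includes('/') || seg.includes('\\')) return null;
    segments.push(seg);
  }
  return segments;
}

// claims is the payload of an already verified Auth0 token, or null when
// the request carried no valid token.
function decide(path, claims) {
  if (!claims || typeof claims.sub !== 'string' || claims.sub === '') return 'Deny';
  const segs = pathSegments(path);
  if (segs === null) return 'Deny';
  const isAdmin = Array.isArray(claims.groups) && claims.groups.includes(ADMIN_GROUP);
  const head = segs[0];
  // Compare whole segments: /administrator must not match the /admin rule.
  if (head === 'admin') return isAdmin ? 'Allow' : 'Deny';
  if (head === 'user') {
    // /user/{userId}/...: owner or Admin only. A missing or empty userId has
    // no owner, so only admins pass (a choice made for this example).
    const userId = segs[1];
    if (userId !== undefined && userId !== '' && userId === claims.sub) return 'Allow';
    return isAdmin ? 'Allow' : 'Deny';
  }
  return 'Allow'; // any other URL: being logged in is enough
}
```

Auth0 user_id values contain a `|`, which clients often send as `%7C`; the comparison is therefore made on the decoded segment.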

If your endpoint needs different authorization rules, you will need to write a custom authorizer as follows.

Custom Auth0 authorizer

TODO