Feature: Custom Authorizer
thejeff77 opened this issue · 0 comments
This looks great for authorizing with different providers through an intermediary service, and setting up the endpoints to do so!
However, for using the auth-result of this with any other functions, and for re-usability, it seems like an ideal solution would be to use a "custom authorizer" to validate the credentials passed up for subsequent calls which would act as the middleware and pass the profile back to the lambda function.
The test app here appears to put the auth code inline which makes for a lot of duplicate boilerplate.
Authorizer Blueprints: https://github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints/blob/master/blueprints/nodejs/index.js
I'm interested in discussing this, and potentially collaborating on a new project, or helping with this one...
It seems to me that Cognito and Auth0 can be very expensive, and open source Custom Authorizers would be an amazing alternative/cheap open source project to these pay solutions.
Example Deployment:
- Add your config for 1) 3rd party key/secret to your main serverless.yml file, 2) storage preference, etc..
- Import the node package within your functions folder.
- Document how to make a create account endpoint (passing up valid 3rd party federated token)
- Document how to use the library's authorizer to auto-auth and pass the profile to your main function on success. (Ex: https://github.com/eahefnawy/serverless-authorizer/blob/master/serverless.yml)