堆栈内存溢出
  简体   繁体   English

如何在 AWS 无服务器 Function 上设置 Oauth 范围?

[英]How to setup Oauth scopes at AWS Serverless Function?

 原文  2020-10-26 12:30:09       amazon-cloudformation/ aws-serverless/ aws-sam/ aws-sam-cli

问题描述

Issue: OAuth Scopes are empty at Method Request Settings using Cloudformation and AWS-SAM问题:OAuth 使用 Cloudformation 和 AWS-SAM 的方法请求设置中的范围为空

Apparently there are a few places where I can declare my authorization scopes, if I got it right, I should declare all scopes at the authorizer and the ones I would like to specify per function at my Function template.显然有几个地方我可以声明我的授权范围,如果我做对了,我应该在授权方声明所有范围,以及我想在我的 Function 模板中根据 function 指定的范围。

This is the template I am trying to fix:这是我要修复的模板:

MyServerlessFn
 Type: AWS::Serverless::Function
    Properties:
      FunctionName: helloWorldFn
      Description: my test using cognito.
      Handler: src/handlers/helloWorld.handler
      Runtime: nodejs12.x
      Events:
        ApplicationPostAPI:
          Type: Api
          Properties:
            Auth:
              AuthorizationScopes:
                - https://foobar.acme.net/full-api
            Method: POST
            Path: /hello/world
            RestApiId: !Ref MyServerlessApi

using sam cli I can validate, build and deploy this template but the oauthScopes are empty when I check it using AWS web console.使用 sam cli 我可以验证、构建和部署这个模板,但是当我使用 AWS web 控制台检查它时,oauthScopes 是空的。

Here the aws doc: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-apifunctionauth.html这里是 aws 文档: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-apifunctionauth.html

1 个解决方案

解决方案1
 0  2021-04-17 14:48:52

I also noticed that the scopes you define on a function level stay empty.我还注意到您在 function 级别上定义的范围保持为空。 Whether the documentation is wrong or a current AWS SAM bug I leave in the midle.无论文档有误还是我在中间留下的当前 AWS SAM 错误。 (see:https://github.com/aws/serverless-application-model/issues/1752 ) (参见:https://github.com/aws/serverless-application-model/issues/1752

However you can solve this by specifying an authorizer on the api level and refer to this authorizer on function level.但是你可以通过在api级别指定一个授权人并在function级别引用这个授权人来解决这个问题。

  ApiGw:
    Type: AWS::Serverless::Api
    Properties:
      Description: some description
      Auth:
        Authorizers:
          DefaultAuthorizer:
            UserPoolArn: somepool
            AuthType: "COGNITO_USER_POOLS"
          AuthorizerWithScopeABC:
            UserPoolArn: somepool
            AuthType: "COGNITO_USER_POOLS"
            AuthorizationScopes:
              - /ABC
          AuthorizerWithScopeXYZ:
            UserPoolArn: somepool
            AuthType: "COGNITO_USER_POOLS"
            AuthorizationScopes:
              - /XYZ
        DefaultAuthorizer: DefaultAuthorizer

  Function:
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /somepath
            Method: get
            RestApiId: !Ref ApiGw
            Auth:
              Authorizer: AuthorizerWithScopeABC

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 serverless.io 框架和 serverless.yml 文件将整数作为变量传递给 aws-step-function 中的等待状态类型 - How to Pass integer as variable to Wait Type of State in aws-step-function using serverless.io framework and the serverless.yml file 无服务器:无法使用部署命令在 AWS 上加载 lambda 函数 - Serverless: can't load lambda function on the AWS using deploy comand AWS 无服务器应用程序模型 (SAM) — 如何更改 StageName? - AWS Serverless Application Model (SAM) -- How do I change StageName? 如何使用 AWS 的无服务器框架获取最新的 Layer 版本 Lambda - How to get latest Layer version with serverless framework for AWS Lambda 如何使用 Twilio CLI 删除无服务器 function? - How to delete a serverless function using Twilio CLI? 如何在 aws 中最好地设置开发人员 - How to best setup developer in aws Firebase 消息传递:如何配置无服务器功能 - Firebase messaging : how to configure serverless function 如何将 AWS-SDK DynamoDB 指向本地无服务器 DynamoDB - How to point AWS-SDK DynamoDB to a serverless DynamoDB local 如何在 Serverless Framework 中分配 function 级别的 IamRoleStatements? - How do I assign function level IamRoleStatements in Serverless Framework? 是否可以从 AWS 无服务器 API 中的其他 lambda 函数调用 lambda function? - Is it possible to call lambda function from other lambda functions in AWS serverless API?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM