How to set up OAuth scopes on an AWS Serverless Function?
Issue: OAuth scopes are empty in the Method Request settings when using CloudFormation and AWS SAM.

Apparently there are a few places where I can declare my authorization scopes. If I got it right, I should declare all scopes on the authorizer, and the ones I would like to specify per function in my Function template.

This is the template I am trying to fix:
MyServerlessFn:
  Type: AWS::Serverless::Function
  Properties:
    FunctionName: helloWorldFn
    Description: my test using cognito.
    Handler: src/handlers/helloWorld.handler
    Runtime: nodejs12.x
    Events:
      ApplicationPostAPI:
        Type: Api
        Properties:
          Auth:
            AuthorizationScopes:
              - https://foobar.acme.net/full-api
          Method: POST
          Path: /hello/world
          RestApiId: !Ref MyServerlessApi
Using the SAM CLI I can validate, build and deploy this template, but the oauthScopes are empty when I check it in the AWS web console.

Here is the AWS doc: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-apifunctionauth.html
I also noticed that the scopes you define on a function level stay empty. Whether the documentation is wrong or it is a current AWS SAM bug I leave in the middle. (see: https://github.com/aws/serverless-application-model/issues/1752)

However, you can solve this by specifying an authorizer on the API level and referring to this authorizer on the function level.
ApiGw:
  Type: AWS::Serverless::Api
  Properties:
    Description: some description
    Auth:
      Authorizers:
        DefaultAuthorizer:
          UserPoolArn: somepool
          AuthType: "COGNITO_USER_POOLS"
        AuthorizerWithScopeABC:
          UserPoolArn: somepool
          AuthType: "COGNITO_USER_POOLS"
          AuthorizationScopes:
            - /ABC
        AuthorizerWithScopeXYZ:
          UserPoolArn: somepool
          AuthType: "COGNITO_USER_POOLS"
          AuthorizationScopes:
            - /XYZ
      DefaultAuthorizer: DefaultAuthorizer

Function:
  Type: AWS::Serverless::Function
  Properties:
    Events:
      ApiEvent:
        Type: Api
        Properties:
          Path: /somepath
          Method: get
          RestApiId: !Ref ApiGw
          Auth:
            Authorizer: AuthorizerWithScopeABC
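A pre-deploy check for the arrangement the answer recommends, as an added example that is not part of the question or the answer. It walks a SAM template that has already been loaded into a Python dict (assumed: PyYAML with a loader that turns `!Ref X` into `{"Ref": "X"}`) and reports every Api event that will not end up on an API-level authorizer carrying AuthorizationScopes: scopes declared on the event itself (the pattern from the question), a fall-through to a DefaultAuthorizer without scopes, a misspelled authorizer name, or an explicitly public route. The resource names, paths and the user-pool ARN in SAMPLE_TEMPLATE are constructed for the example.

```python
"""Added example: static scope check over a SAM template loaded into a dict.
Assumes `!Ref X` was loaded as {"Ref": "X"}; SAMPLE_TEMPLATE is constructed."""

from typing import Any, Dict, List, Optional

POOL_ARN = "arn:aws:cognito-idp:REGION:ACCOUNT_ID:userpool/POOL_ID"  # placeholder


def _ref(value: Any) -> Any:
    """Unwrap {"Ref": "X"} (what !Ref X becomes after loading) to "X"."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        return value["Ref"]
    return value


def _api_auth(template: Dict[str, Any], api_id: Any) -> Dict[str, Any]:
    """Return the Auth block of an AWS::Serverless::Api resource, or {}."""
    if not isinstance(api_id, str):
        return {}
    res = template.get("Resources", {}).get(api_id) or {}
    return (res.get("Properties") or {}).get("Auth") or {}


def check_scopes(template: Dict[str, Any]) -> Dict[str, List[str]]:
    """Map '<Function>.Events.<Event>' to findings; clean routes get no entry.

    A route is clean when it resolves, explicitly or via DefaultAuthorizer, to
    an API-level authorizer that carries AuthorizationScopes."""
    findings: Dict[str, List[str]] = {}
    for fn_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Serverless::Function":
            continue
        events = (res.get("Properties") or {}).get("Events") or {}
        for ev_id, ev in events.items():
            if ev.get("Type") != "Api":
                continue
            props = ev.get("Properties") or {}
            ev_auth = props.get("Auth") or {}
            api_auth = _api_auth(template, _ref(props.get("RestApiId")))
            authorizers = api_auth.get("Authorizers") or {}
            notes: List[str] = []

            # The pattern from the question: scopes on the event itself. The
            # answer reports these come out empty on the deployed method.
            if "AuthorizationScopes" in ev_auth:
                notes.append("AuthorizationScopes declared on the event; "
                             "declare them on an API-level authorizer instead")

            name = ev_auth.get("Authorizer", api_auth.get("DefaultAuthorizer"))
            if name is None or name == "NONE":
                notes.append("no authorizer: route is reachable without a token")
            elif name not in authorizers:
                notes.append(f"authorizer '{name}' is not defined under the "
                             "API's Auth.Authorizers")
            elif not authorizers[name].get("AuthorizationScopes"):
                notes.append(f"authorizer '{name}' has no AuthorizationScopes: "
                             "any valid token from the pool is accepted")
            if notes:
                findings[f"{fn_id}.Events.{ev_id}"] = notes
    return findings


def _fn(path: str, auth: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Build a minimal Function resource with one Api event on ApiGw (constructed)."""
    props: Dict[str, Any] = {"Path": path, "Method": "get", "RestApiId": {"Ref": "ApiGw"}}
    if auth is not None:
        props["Auth"] = auth
    return {"Type": "AWS::Serverless::Function",
            "Properties": {"Events": {"ApiEvent": {"Type": "Api", "Properties": props}}}}


SAMPLE_TEMPLATE: Dict[str, Any] = {"Resources": {
    "ApiGw": {"Type": "AWS::Serverless::Api", "Properties": {
        "StageName": "prod",
        "Auth": {
            "DefaultAuthorizer": "DefaultAuthorizer",
            "Authorizers": {
                "DefaultAuthorizer": {"UserPoolArn": POOL_ARN},
                "AuthorizerWithScopeABC": {"UserPoolArn": POOL_ARN,
                                           "AuthorizationScopes": ["/ABC"]},
            }}}},
    "ScopedFn": _fn("/abc", {"Authorizer": "AuthorizerWithScopeABC"}),  # as the answer does
    "EventScopedFn": _fn("/hello/world",                                  # as the question did
                         {"AuthorizationScopes": ["https://foobar.acme.net/full-api"]}),
    "DefaultFn": _fn("/default"),                        # falls back to DefaultAuthorizer
    "PublicFn": _fn("/public", {"Authorizer": "NONE"}),
    "TypoFn": _fn("/xyz", {"Authorizer": "AuthorizerWithScopeXZY"}),  # misspelled name
}}


if __name__ == "__main__":
    for route, notes in check_scopes(SAMPLE_TEMPLATE).items():
        print(route)
        for note in notes:
            print("  -", note)
```

Run against SAMPLE_TEMPLATE, only ScopedFn comes back clean; the other four routes each get a finding. The check only looks at the template, so after deploying it is still worth confirming the method's OAuth scopes in the console, as the question did, since that is where the mismatch was first observed.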