(ns superapi.ions.auth
[:require [clojure.data.json :as json]
[datomic.ion :as ion]
[buddy.sign.jwt :as jwt]])
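(defn gateway-authorizer
  "API Gateway token authorizer.

  Reads `authorizationToken` and `methodArn` from the JSON string under
  `:input`, verifies the token as an HS256-signed JWT using the shared secret
  held in AWS Parameter Store, and returns a JSON policy document that allows
  the token's `sub` to call `methodArn`.

  Returns nil when the verified claims carry no `sub`. Throws when the secret
  is missing or empty; jwt/unsign is expected to throw when the signature is
  invalid or the token has expired, so every failure path yields no Allow
  policy.

  NOTE(review): buddy checks `exp` only when the claim is present, so a token
  minted without `exp` never expires here. Issuer and audience are not
  checked; jwt/unsign accepts `:iss` and `:aud` options if tokens from other
  issuers can be signed with the same secret."
  [{:keys [input] :as ion}]
  (let [;; API Gateway supplies the caller's token and the ARN of the method being invoked.
        {:strs [authorizationToken methodArn]} (json/read-str input)
        ;; Fetch the signing secret from AWS Parameter Store.
        secret (get (ion/get-params {:path "/datomic-shared/secrets/"}) "your-secret-key")]
    ;; Fail closed with an explicit error: a nil key fails obscurely inside the
    ;; HMAC code, and an empty key would make tokens trivially forgeable.
    ;; The secret itself is never placed in the exception data.
    (when (empty? secret)
      (throw (ex-info "JWT signing secret not found in Parameter Store"
                      {:path "/datomic-shared/secrets/"})))
    ;; Pin the expected algorithm (buddy's default) so the accepted algorithm is
    ;; stated here rather than left implicit.
    (when-let [sub (:sub (jwt/unsign authorizationToken secret {:alg :hs256}))]
      ;; NOTE(review): "execute-api:*" grants more than invocation; "execute-api:Invoke"
      ;; is the least-privilege action if callers only need to call methods.
      ;; NOTE(review): the policy names only the requested methodArn. If authorizer
      ;; result caching is enabled, a cached policy may be reused for other methods
      ;; and deny them; confirm the cache TTL or widen the resource deliberately.
      (json/write-str {:principalId    sub
                       :policyDocument {:Version   "2012-10-17"
                                        :Statement [{:Effect   "Allow"
                                                     :Action   "execute-api:*"
                                                     :Resource methodArn}]}}))))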
Created
January 18, 2019 16:48
blog-API-Gateway-Authorizer