@joshkh
Created January 18, 2019 16:48
blog-API-Gateway-Authorizer
(ns superapi.ions.auth
  (:require [clojure.data.json :as json]
            [datomic.ion :as ion]
            [buddy.sign.jwt :as jwt]))

(defn gateway-authorizer
  "API Gateway TOKEN authorizer: validate a user's JWT signature and
  expiration date, then return an IAM policy for the invoked method."
  [{:keys [input] :as ion}]
  (let [;; API Gateway supplies the authorization token and the method ARN as JSON input
        {:strs [authorizationToken methodArn]} (json/read-str input)
        ;; Fetch the HMAC secret from AWS Parameter Store; the returned map is
        ;; keyed by parameter name under :path
        secret (get (ion/get-params {:path "/datomic-shared/secrets/"}) "your-secret-key")]
    ;; jwt/unsign verifies the HS256 signature and the exp claim. On an invalid
    ;; or expired token it throws an ex-info rather than returning nil, so the
    ;; when-let below only guards against a valid token that carries no :sub.
    (when-let [sub (:sub (jwt/unsign authorizationToken secret))]
      ;; Return a JSON policy granting the caller access to the invoked method
      (json/write-str {:principalId    sub
                       :policyDocument {:Version   "2012-10-17"
                                        :Statement [{:Effect   "Allow"
                                                     :Action   "execute-api:*"
                                                     :Resource methodArn}]}}))))
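The same authorizer logic, written out in plain Python as an added example (it is not part of the gist and does not use Datomic Ions or buddy). It shows the checks that `jwt/unsign` performs for the Clojure version, namely a pinned HS256 algorithm, a constant-time signature comparison and the `exp` claim, and it shows the failure mode the gist leaves implicit: a Lambda authorizer signals 401 by raising an error whose message is exactly "Unauthorized". The secret, method ARN and claims are constructed test values; the `Bearer` prefix handling is an assumption about how clients send the header, not behaviour taken from the gist.

```python
"""Added example, not from the gist: an API Gateway TOKEN authorizer in
stdlib-only Python, mirroring the checks the Clojure ion relies on."""
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT. Only used here to build test tokens."""
    header = _b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


class Unauthorized(Exception):
    """API Gateway maps a Lambda authorizer error whose message is exactly
    "Unauthorized" to HTTP 401; any other error surfaces as a 500."""

    def __init__(self):
        super().__init__("Unauthorized")


def unsign_hs256(token: str, secret: bytes, now=None) -> dict:
    """Verify signature and expiry (what buddy's jwt/unsign checks for the gist).
    Raises Unauthorized on any failure instead of returning partial claims."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        raise Unauthorized()
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise Unauthorized()
    # Pin the algorithm: the token must never choose it (alg=none, key confusion).
    if header.get("alg") != "HS256":
        raise Unauthorized()
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise Unauthorized()
    now = int(time.time()) if now is None else now
    exp = claims.get("exp")
    if exp is not None and now >= int(exp):
        raise Unauthorized()
    return claims


def allow_policy(principal_id: str, method_arn: str) -> dict:
    """The policy document the gist returns: allow only the invoked method."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": "execute-api:*",
                           "Resource": method_arn}],
        },
    }


def gateway_authorizer(event: dict, secret: bytes, now=None) -> dict:
    """event is the API Gateway TOKEN authorizer input (authorizationToken, methodArn)."""
    token = event["authorizationToken"]
    # Assumption: clients send "Authorization: Bearer <jwt>"; the gist passes the raw value through.
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    claims = unsign_hs256(token, secret, now)
    sub = claims.get("sub")
    if not sub:
        raise Unauthorized()
    return allow_policy(sub, event["methodArn"])


def is_rejected(event: dict, secret: bytes, now=None) -> bool:
    """True when the authorizer would answer 401 for this event."""
    try:
        gateway_authorizer(event, secret, now)
    except Unauthorized:
        return True
    return False


if __name__ == "__main__":
    SECRET = b"constructed-test-secret"  # the gist fetches this from Parameter Store
    ARN = "arn:aws:execute-api:us-east-1:123456789012:abcdef123/prod/GET/items"
    token = sign_hs256({"sub": "user-42", "exp": 2000000000}, SECRET)
    print(json.dumps(gateway_authorizer({"authorizationToken": token, "methodArn": ARN}, SECRET), indent=2))
```

Note that the `Resource` in the returned policy is the single method ARN API Gateway passed in; with authorizer result caching enabled, the cached policy is replayed for the same token against other methods, so a production authorizer usually lists every method the principal may call.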