arc-macro-oauth

Use OAuth authentication with Architect HTTP APIs (API Gateway HTTP API only).

Install:

npm i arc-macro-oauth

Add to your .arc file:

@app
myapp

@aws
apigateway http

@oauth
default true #Secure all routes by default
permissionClaim https://jwt.example.no/permissions #Specify name of permission claim in ID token
permissions access:admin,access:site #Default permissions needed (remove for none)
domain example.auth0.com #OAuth issuer domain
audience https://example.com #OAuth audience
scope "openid profile email" #OAuth authorization scope
logoutRedirect / #Redirect target after logout
errorRedirect / #Redirect target on error
staging
  callbackUrl https://staging.example.com/auth/callback #OAuth callback URL for staging
production
  callbackUrl https://example.com/auth/callback #OAuth callback URL for production

@http
get /
get /secure

@macros
arc-macro-oauth

Then add to the individual .arc-config files of routes that need auth:

@oauth
permissions access:foo,access:bar #Not required (use default permissions or none when not specified)

Finally, add environment variables:

arc env [staging/production] OAUTH_CLIENT_ID xxxxxxxxxxxxxxxx
arc env [staging/production] OAUTH_CLIENT_SECRET xxxxxxxxxxxxxxxxxxxxxx
arc env [staging/production] ARC_APP_SECRET xxxxxxxxxxxxxxxxxxxxxx

See AWS::Serverless::HttpApi/HttpApiAuth for more information.
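
How the permissionClaim and permissions settings above relate to the claims in an ID token, as an added example that is not taken from arc-macro-oauth itself. It assumes the claim holds an array of strings, that a route requires every permission listed for it, and that the claims come from a token whose signature, issuer and audience were already verified; the function names and the sample payload are hypothetical.

```javascript
// Added illustration, not arc-macro-oauth source code.
// Assumptions: the claim holds an array of permission strings, and a route
// requires every permission listed for it.
const PERMISSION_CLAIM = 'https://jwt.example.no/permissions'; // @oauth permissionClaim
const DEFAULT_PERMISSIONS = ['access:admin', 'access:site'];   // @oauth permissions

// A route's own @oauth permissions (from its .arc-config) replace the defaults;
// a route without its own list falls back to the defaults.
function requiredPermissions(routePermissions, defaults = DEFAULT_PERMISSIONS) {
  return Array.isArray(routePermissions) ? routePermissions : defaults;
}

// `claims` is the payload of an ID token that has ALREADY been verified.
function isAuthorized(claims, required) {
  if (!claims || typeof claims !== 'object') return false;
  if (required.length === 0) return true; // authenticated, nothing else needed
  // The claim name is a URL, so it needs bracket lookup, not dot access.
  const granted = claims[PERMISSION_CLAIM];
  // Fail closed on a missing or non-array claim. A substring test on a string
  // claim would let "access:admin-readonly" satisfy "access:admin".
  if (!Array.isArray(granted)) return false;
  const grantedSet = new Set(granted.filter((p) => typeof p === 'string'));
  return required.every((p) => grantedSet.has(p));
}

// Constructed sample payload (not a real token).
const sampleClaims = {
  sub: 'constructed-user-id',
  [PERMISSION_CLAIM]: ['access:admin', 'access:site', 'access:foo'],
};

console.log(isAuthorized(sampleClaims, requiredPermissions(undefined)));
console.log(isAuthorized(sampleClaims, requiredPermissions(['access:foo', 'access:bar'])));
```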