Widen / cloudfront-auth

An AWS CloudFront Lambda@Edge function to authenticate requests using Google Apps, Microsoft, Auth0, OKTA, and GitHub login
ISC License
623 stars 148 forks

Is there a way to exclude a certain folder from the Lambda function? #58

Closed vue07418 closed 4 years ago

vue07418 commented 4 years ago

Hi,

The lambda works just fine but we'd like to exclude a folder. For example, in our S3 ACL we have a policy that allows CloudFront Origin Access Identity to have access to the S3 website hosted bucket, example.com/. We want to exclude example.com/media/ from the lambda, is that possible?

payton commented 4 years ago

You could add another condition that checks the URI that is being accessed similar to how it's done with the callback path https://github.com/Widen/cloudfront-auth/blob/73e2ede61f89ba32c8b373e3965bdee4126c86de/authn/openid.index.js#L65

When that condition is met, you can call the unauthorized function (or handle as you like).

Ultimately, you have access to all aspects of each request, so there are many ways this could be done. If you have further questions/need help implementing, let me know in this issue.
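
One way to write the URI condition discussed in this thread, as an added example that is not part of the issue or the project's code. The names `EXCLUDED_PREFIXES`, `isExcluded` and the `authenticate` stub are hypothetical, and it assumes excluded requests should be forwarded to the origin without authentication.

```javascript
// Added example: path-exclusion check for a Lambda@Edge viewer-request handler.
// EXCLUDED_PREFIXES, isExcluded and authenticate are hypothetical names.
const EXCLUDED_PREFIXES = ['/media/']; // assumption: the folder from the question

// Return true only when the URI is safely inside an excluded prefix.
function isExcluded(uri, prefixes = EXCLUDED_PREFIXES) {
  let path;
  try {
    path = decodeURIComponent(uri); // expose %2e%2e and %2f before matching
  } catch (e) {
    return false; // malformed escape: fail closed, require authentication
  }
  // Refuse anything that could resolve outside the prefix at the origin.
  if (path.includes('\\') || path.includes('//')) return false;
  if (path.split('/').some((seg) => seg === '..' || seg === '.')) return false;
  // The trailing slash keeps '/media/' from also matching '/mediafoo'.
  return prefixes.some((p) => path.startsWith(p));
}

// Stand-in for the project's existing authentication flow (not reproduced here).
function authenticate(request, callback) {
  callback(null, { status: '401', statusDescription: 'Unauthorized' });
}

function handler(event, context, callback) {
  const request = event.Records[0].cf.request;
  if (isExcluded(request.uri)) {
    return callback(null, request); // forward to the origin without auth
  }
  return authenticate(request, callback);
}

// Export for Lambda when running as a CommonJS module.
if (typeof module !== 'undefined') module.exports = { handler, isExcluded };
```

A separate CloudFront cache behavior for `/media/*` with no Lambda@Edge association gives the same result without a code change.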