search

jeremydaly / serverless-cloudside-plugin

Serverless plugin for using cloudside resources during local development
47 stars 16 forks source link

Enhancement: Transform cloudformation in http api authorizers #10

Open Ankcorn opened 4 years ago

Ankcorn commented 4 years ago

Transforming any cloud formation referenced in the custom authorizers section would help with building ephemeral authenticated API's. I think if this plugin looped through the authorizers array the same way it did the functions it could support this.

httpApi:
    payload: "2.0"
    authorizers:
      Authorizer:
        identitySource: $request.header.Authorization
        issuerUrl: !GetAtt UserPool.ProviderURL
        audience: !Ref UserPoolClient

I'm working on an over-engineered boilerplate and am trying to get everything working both locally and in the cloud

https://github.com/Ankcorn/serverless-fullstack-example-app

run npm i && serverless deploy --stage local && npm start

The jwt is from the wrong issuer when requests go react app -> serverless offline backend because the issuer is 

{
   authorizerName: 'Authorizer',
   name: 'Authorizer',
   identitySource: '$request.header.Authorization',
   issuerUrl: { 'Fn::GetAtt': [ 'UserPool', 'ProviderURL' ] },
   audience: { Ref: 'UserPoolClient' }
}
Ankcorn commented 4 years ago

I have made a start on this.

I see the current GetAtt support is limited so I am planning to add support to generate providerURLs.

I modified the function signature of parseEnvs to this so I can assign the authorizer URLs back to the right place

const parseEnvs = ({ envs = {}, fn, authorizer })

if you can think of a nicer way shout! 🐱