pulumi / pulumi-aws-apigateway

Apache License 2.0

New Cognito authorizers created for every methodsToAuthorize #31

Open josephwegner opened 4 years ago

josephwegner commented 4 years ago

Whenever you call APIGateway.getCognitoAuthorizer (or construct the object manually), a fresh Authorizer will be created for every different set of methodsToAuthorize you apply. New authorizers get created regardless of whether they are using the same Cognito user pool.

The source of this seems to come from addAuthorizersToSwagger - that method uses the authName (derived from the authorizerName param) as a unique key for each authorizer. There is a simple equality check done when adding authorizers, and if an authorizer exists with the same name but not the exact same properties (including methodsToAuthorize) then an error is thrown:

if (!apiAuthorizers[authName]) {
    apiAuthorizers[authName] = auth;
} else if (apiAuthorizers[authName] !== auth) {
    throw new Error("Two different authorizers using the same name: " + authName);
}

Later in that function auth.methodsToAuthorize is used to generate the actual authRecords in Swagger.

Note that the uniqueness of methods to authorize is not a requirement of either Swagger or AWS. Swagger stores securityDefinitions separately, and allows each method to define their own security that includes methods to apply within a security definition. Similarly, AWS allows methods to set their own authorization scopes to apply within an Authorization.

Is there a way to separate out the methodsToAuthorize while continuing to use awsx.apigateway? Can we update this addAuthorizersToSwagger function to allow different method definitions on a single authorizer?
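
The behaviour described in this issue, as an added sketch that is not part of the original post and not the project's code: the quoted reference-equality check next to a hypothetical variant that keeps one authorizer per name and user pool and returns the scopes per route. `AuthDef`, `identityKey`, `registerStrict`, `registerShared`, `throwsOn` and the ARNs are assumptions made for this example.

```typescript
// Simplified model of an authorizer definition (assumed fields, not the awsx type).
interface AuthDef {
  authName: string;
  providerARNs: string[];       // Cognito user pool ARNs
  methodsToAuthorize: string[]; // scopes required by the route that uses it
}

// What makes two definitions "the same authorizer": name and pools, not scopes.
function identityKey(a: AuthDef): string {
  return JSON.stringify([a.authName, [...a.providerARNs].sort()]);
}

// The check quoted in the issue: reference equality per name.
function registerStrict(reg: Record<string, AuthDef>, auth: AuthDef): void {
  if (!reg[auth.authName]) {
    reg[auth.authName] = auth;
  } else if (reg[auth.authName] !== auth) {
    throw new Error("Two different authorizers using the same name: " + auth.authName);
  }
}

// Hypothetical alternative: one definition per name, and a Swagger-style
// security requirement returned for the route, carrying only its own scopes.
function registerShared(reg: Record<string, AuthDef>, auth: AuthDef): Record<string, string[]> {
  const existing = reg[auth.authName];
  if (!existing) {
    reg[auth.authName] = auth;
  } else if (identityKey(existing) !== identityKey(auth)) {
    // Same name, different user pool: refuse rather than silently pick one.
    throw new Error("Two different authorizers using the same name: " + auth.authName);
  }
  return { [auth.authName]: [...auth.methodsToAuthorize] };
}

// Constructed sample data (placeholder ARNs).
const POOL_A = "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLEA";
const POOL_B = "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLEB";
const readAuth: AuthDef = { authName: "cognito", providerARNs: [POOL_A], methodsToAuthorize: ["orders/read"] };
const writeAuth: AuthDef = { authName: "cognito", providerARNs: [POOL_A], methodsToAuthorize: ["orders/write"] };
const otherPool: AuthDef = { authName: "cognito", providerARNs: [POOL_B], methodsToAuthorize: ["orders/read"] };

// Returns true when fn throws, so callers can observe a rejection as a value.
function throwsOn(fn: () => void): boolean {
  try { fn(); return false; } catch { return true; }
}
```

The pool comparison is what keeps the relaxed check safe: a name collision across different user pools is still an error, so a route cannot end up validated against a pool it was not written for.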