search

sst / ion

❍ — a new engine for SST
https://ion.sst.dev
MIT License
1.07k stars 118 forks source link

New authorizers created for each new api route #513

Closed jaduplessis closed 6 days ago

jaduplessis commented 3 weeks ago 
×  Failed
   ApiRouteKoeseuAuthorizerBszbxo aws:apigatewayv2:Authorizer
   StatusCode: 429, RequestID: f3048aa1-31b4-405f-bb6c-49c8b4519b41, ConflictException: Maximum number of Authorizers for this API has been reached. Please contact AWS if you need additional Authorizers.

Each new api route creates a new Authorizer instead of using an existing one. 

api.route(
  'GET /user/me',
  {
    handler: './api/user/handler.get',
  },
  {
    auth: {
      jwt: {
        audiences: [client.id],
        issuer: $interpolate`https://cognito-idp.${aws.getRegionOutput().name}.amazonaws.com/${pool.id}`,
      },
    },
  };
);

This error is not found on older versions of Ion. I believe the issue was introduced in PR-471 in an attempt to make multiple authorizers for different apis

jayair commented 2 weeks ago

Hmm we'll take a look.

fwang commented 6 days ago

Fixed in v0.0.433

Authorizers now need to be created explicitly, ie.

const myAuthorizer = api.addAuthorizer({
  name: "myAuthorizer",
  jwt: {
    issuer: "https://issuer.com/",
    audiences: ["https://api.example.com"],
    identitySource: "$request.header.AccessToken"
  }
});

And set it on the route:

api.route("GET /", "src/get.handler", {
  auth: {
    jwt: {
      authorizer: myAuthorizer.id,
    }
  }
});

Here's the doc - https://ion.sst.dev/docs/component/aws/apigatewayv2/#addauthorizer