zappa / Zappa

Serverless Python
https://zappa.ws/zappa
MIT License

[Migrated] Fix #1816: Add basic support for authorization scopes #786

Closed jneves closed 6 months ago

jneves commented 3 years ago

Originally from: https://github.com/Miserlou/Zappa/issues/1932 by GoneWacko

Description

When using a Cognito User Pool as the authorizer, it is possible to define which authorization scopes should have access to each API method.

When authorization scopes are defined, the authorizer will use an access token, whereas the ID token must be used otherwise. This is only of limited use in the case of Zappa, because it does not define an API method for every endpoint of the underlying app, but at least now authorization scopes can be set globally for the entire API.

Troposphere supported this already, but Zappa did not. This PR resolves that. The new <stage>.authorizer.scopes property can be set to a list of scopes that will then be configured for both the / and the /{proxy+} endpoints.

I tested it and it works. I couldn't find any automated tests that would be impacted or needed extending to cover this new setting.

GitHub Issues

Closes #1816
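
The behaviour described in this PR, as an added example that is not part of the PR or of Zappa's code: a simplified Python model of how a stage-level scopes list ends up on the / and /{proxy+} methods, and which Cognito token type each configuration accepts. The function names, scope names and claim dictionaries are constructed for illustration, and the claims are assumed to be already verified (signature, issuer, expiry); `AuthorizationScopes` is the CloudFormation method property, and `token_use` and `scope` are Cognito token claims.

```python
# Added illustration, not Zappa's implementation.

def method_properties(authorizer, authorizer_ref="Authorizer"):
    """Build the auth-related AWS::ApiGateway::Method properties for the two
    resources named in the PR: '/' and '/{proxy+}'.
    `authorizer` stands for the <stage>.authorizer settings dict."""
    props = {
        "AuthorizationType": "COGNITO_USER_POOLS",
        "AuthorizerId": {"Ref": authorizer_ref},  # hypothetical logical ID
    }
    scopes = authorizer.get("scopes")
    if scopes:
        # Same list on both methods: scopes are global for the whole API.
        props["AuthorizationScopes"] = list(scopes)
    return {path: dict(props) for path in ("/", "/{proxy+}")}


def token_accepted(claims, props):
    """Simplified model of the authorizer's decision on verified claims."""
    scopes = props.get("AuthorizationScopes")
    if not scopes:
        # No scopes configured: the token is treated as an ID token.
        return claims.get("token_use") == "id"
    if claims.get("token_use") != "access":
        return False
    # Access token 'scope' is a space-separated string; one match suffices.
    granted = set(claims.get("scope", "").split())
    return bool(granted & set(scopes))


# Constructed sample claims (not real tokens).
ID_CLAIMS = {"token_use": "id", "aud": "example-client-id"}
ACCESS_CLAIMS = {"token_use": "access", "scope": "openid orders/read"}

if __name__ == "__main__":
    scoped = method_properties({"scopes": ["orders/read", "orders/write"]})
    unscoped = method_properties({})
    for label, methods in (("scoped", scoped), ("unscoped", unscoped)):
        for path, props in methods.items():
            print(label, path,
                  "id:", token_accepted(ID_CLAIMS, props),
                  "access:", token_accepted(ACCESS_CLAIMS, props))
```

Because the same scope list is attached to both methods, any per-route scope check still has to be enforced inside the application behind the proxy resource.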

github-actions[bot] commented 7 months ago

Hi there! Unfortunately, this Issue has not seen any activity for at least 90 days. If the Issue is still relevant to the latest version of Zappa, please comment within the next 10 days if you wish to keep it open. Otherwise, it will be automatically closed.

github-actions[bot] commented 6 months ago

Hi there! Unfortunately, this Issue was automatically closed as it had not seen any activity in at least 100 days. If the Issue is still relevant to the latest version of Zappa, please open a new Issue.