{"id":19208635,"url":"https://github.com/heiwa4126/sam-auth1","last_synced_at":"2025-10-18T01:55:43.196Z","repository":{"id":111910681,"uuid":"442101227","full_name":"heiwa4126/sam-auth1","owner":"heiwa4126","description":"Lambda authorizer sample","archived":false,"fork":false,"pushed_at":"2021-12-28T08:46:41.000Z","size":35,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-04T16:18:59.417Z","etag":null,"topics":["authorizer","aws-lambda","example"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/heiwa4126.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-27T08:40:40.000Z","updated_at":"2021-12-28T08:46:44.000Z","dependencies_parsed_at":null,"dependency_job_id":"cb69b2fb-5010-4b10-a036-b86e7d825fee","html_url":"https://github.com/heiwa4126/sam-auth1","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiwa4126%2Fsam-auth1","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiwa4126%2Fsam-auth1/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiwa4126%2Fsam-auth1/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiwa4126%2Fsam-auth1/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/heiwa4126","download_url":"https://codeload.github.com/heiwa4126/sam-auth1/ta
r.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240280984,"owners_count":19776418,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorizer","aws-lambda","example"],"created_at":"2024-11-09T13:27:15.590Z","updated_at":"2025-10-18T01:55:38.159Z","avatar_url":"https://github.com/heiwa4126.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sam-auth1\n\nA sample of Lambda authorizers.\n\n- [sam-auth1](#sam-auth1)\n- [Deploy](#deploy)\n- [Test](#test)\n  - [Authenticating on an HTTP header value (Token authorizer)](#authenticating-on-an-http-header-value-token-authorizer)\n  - [Disabling the default authorizer](#disabling-the-default-authorizer)\n  - [BASIC authentication with a Token authorizer](#basic-authentication-with-a-token-authorizer)\n  - [REQUEST authorizer](#request-authorizer)\n- [Delete](#delete)\n- [References](#references)\n  - [Custom error page for BASIC authentication](#custom-error-page-for-basic-authentication)\n- [Miscellaneous](#miscellaneous)\n  - [Other references](#other-references)\n\n\n# Deploy\n\nSince this is SAM:\n```sh\nsam build\nsam deploy --guided  # --guided only the first time\n```\n\n# Test\n\nAccess the URL shown in the HelloApi Output with curl.\n\n## Authenticating on an HTTP header value (Token authorizer)\n\n/hello/ is authorized when the Auth: header is `allow`.\n\n```sh\ncurl -H \"Auth: allow\" https://xxxxxxxxxx.execute-api.ap-northeast-1.amazonaws.com/Prod/hello/\n```\n\nFor testing, the Token Source has been changed from the default \"Authorization\" to \"Auth\" (the spelling is a hassle, too).\n\n## Disabling the default authorizer\n\n/goodbye/ requires no authentication.\n```sh\ncurl https://xxxxxxxxxx.execute-api.ap-northeast-1.amazonaws.com/Prod/goodbye/\n```\n\nThis tests disabling the default authorizer with\n`Authorizer: NONE`.\n\n## BASIC authentication with a Token authorizer\n\n/basic/ uses BASIC authentication.\n\n```sh\ncurl -u admin:password https://xxxxxxxxxx.execute-api.ap-northeast-1.amazonaws.com/Prod/basic/\n```\n\nNormally the 
WWW-Authenticate: header cannot be returned, so this cannot be used from a browser, but\nGateway Responses has been customized to return\n`WWW-Authenticate: Basic realm=xxxxx`,\nso please try it in a browser.\n\nAs a side effect, however, even /hello/ returns\n`WWW-Authenticate: Basic`,\nsorry about that.\n\n\n## REQUEST authorizer\n\nPass allow in the auth query parameter.\n\n```sh\ncurl \"https://xxxxxxxxxx.execute-api.ap-northeast-1.amazonaws.com/Prod/hi?auth=allow\"\n# or\ncurl -G --data-urlencode \"auth=allow\" https://xxxxxxxxxx.execute-api.ap-northeast-1.amazonaws.com/Prod/hi\n```\n\n\n# Delete\n\n```sh\nsam delete\n```\n\n\n# References\n\n* [LambdaTokenAuthorizer - AWS Serverless Application Model](https://docs.aws.amazon.com/ja_jp/serverless-application-model/latest/developerguide/sam-property-api-lambdatokenauthorizer.html)\n* [LambdaTokenAuthorizationIdentity - AWS Serverless Application Model](https://docs.aws.amazon.com/ja_jp/serverless-application-model/latest/developerguide/sam-property-api-lambdatokenauthorizationidentity.html)\n* [Use API Gateway Lambda authorizers - Amazon API Gateway](https://docs.aws.amazon.com/ja_jp/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html)\n\n\nThere is no documentation for the Header: property of\nLambdaTokenAuthorizationIdentity\n(but it works, it can be set, and it is visible in the console).\n\nLikewise,\nwhat can be specified for Token Validation seems to be a regular expression,\nbut I cannot find the documentation.\n\n## Custom error page for BASIC authentication\n\n* [Customized response examples - AWS Serverless Application Model](https://docs.aws.amazon.com/ja_jp/serverless-application-model/latest/developerguide/serverless-controlling-access-to-apis-customize-response.html)\n* [Using Basic Authentication with AWS API Gateway and Lambda - Cloudmailin](https://www.cloudmailin.com/blog/basic_auth_with_aws_lambda)\n\nWhen Token Validation is enabled,\nCustom Gateway Responses stop taking effect...\n\n# Miscellaneous\n\nLambda authorizers were apparently called \"custom authorizers\" in the past.\n\nDoes the auth Lambda have to be written as a non-async handler?\n\nThe callback of a non-async handler is apparently\n```javascript\ncallback(response_error, response_success)\n```\nbut I cannot find the documentation.\n\nWhat should principalId be set to in the auth function?\n\n\u003e The principalId value can be accessed in a mapping template using the $context.authorizer.principalId 
variable. This is useful when you want to pass the value to the backend.\n\nSource: [Output from an Amazon API Gateway Lambda authorizer - Amazon API Gateway](https://docs.aws.amazon.com/ja_jp/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html)\n\nIt is simply passed along so that the downstream Lambda can use it.\n\nLikewise, values set in the policy's context can be read\nin the downstream Lambda\nfrom\nevent.requestContext.authorizer.\n\n## Other references\n\n* [dougalb/lambda-authorizer-basic-auth: A Serverless Application that creates Lambda function to use as an authorizer in Amazon API Gateway for HTTP Basic Auth and a DynamoDB tables for users.](https://github.com/dougalb/lambda-authorizer-basic-auth)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheiwa4126%2Fsam-auth1","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fheiwa4126%2Fsam-auth1","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheiwa4126%2Fsam-auth1/lists"}