2 Respuestas
- Más nuevo
- Más votos
- Más comentarios
0
In theory, this should work out of the box as a JWT authoriser with APIGW HTTP APIs [1]. Every OAuth2/OIDC implementation has quirks, though, so interoperability isn't guaranteed. You'll need to work out the issuer endpoint for your authentication provider -- it should be the iss claim in a JWT issued by the provider.
Also, I'm pretty sure APIGW doesn't support redirecting unauthenticated requests to the authentication provider's authorisation endpoint. That might make things a bit trickier, depending on how your front-end app works.
[1] https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html
respondido hace 4 años
Contenido relevante
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace un año