2 Answers
- Newest
- Most votes
- Most comments
0
In theory, this should work out of the box as a JWT authoriser with APIGW HTTP APIs [1]. Every OAuth2/OIDC implementation has quirks, though, so interoperability isn't guaranteed. You'll need to work out the issuer endpoint for your authentication provider -- it should be the iss claim in a JWT issued by the provider.
Also, I'm pretty sure APIGW doesn't support redirecting unauthenticated requests to the authentication provider's authorisation endpoint. That might make things a bit trickier, depending on how your front-end app works.
[1] https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html
answered 4 years ago
Relevant content
- Accepted Answerasked 6 years ago
- asked 2 years ago
- asked 4 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago