README
¶
Cognito M2M signer
Cognito M2M signer generates authorization token using the Cognito Client Secret Key stored in the SSM. It can be used to authorize lambda or other compute resource using the Cognito Machine to Machine authorization.
Use example:
ssmSession := session.Must(session.NewSession(&aws.Config{
Region: aws.String(os.Getenv("REGION")),
}))
sesCli := ssm.New(ssmSession)
&auth.CognitoM2MSigner{
CognitoAPIURL: os.Getenv("COGNITO_API_URL"),
ClientID: os.Getenv("COGNITO_APP_ID"),
Scope: "https://scope_identifier_url/full-access",
SsmClient: sesCli,
SsmSecretName: "cognitoM2mSecret",
}
Documentation
¶
Index ¶
Constants ¶
const GrantClientCredentials = "client_credentials"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CognitoM2MAuthorizer ¶
type CognitoM2MAuthorizer struct {
CognitoAPIURL string
ClientID string
Scope string
SsmClient ssmiface.SSMAPI
SsmSecretName string
}
CognitoM2MAuthorizer implements the Signer interface It reads the Cognito App secret key from the SSM parameter store and uses it to create the Authorization token. cognitoAPIURL is the URL configured in the Cognito Resource servers clientID is the cognito app client ID scope is the OAuth scope name without the API URL - it will be concatenated automatically
func (*CognitoM2MAuthorizer) AddAuthorizationHeader ¶
func (s *CognitoM2MAuthorizer) AddAuthorizationHeader(headerAdder HeaderAdder) error
AddAuthorizationHeader adds Authorization HTTP header.
func (*CognitoM2MAuthorizer) AuthorizeRequest ¶
Sign method signs request using cognito M2M authentication token
type HeaderAdder ¶
type HeaderAdder interface {
Add(key, value string)
}
HeaderAdder is an interface to setup Authorization HTTP header.
type RequestAuthorizer ¶
type RequestAuthorizer interface {
AuthorizeRequest(*http.Request) (*http.Request, error)
AddAuthorizationHeader(headerAdder HeaderAdder) error
}
RequestAuthorizer interface delivers method to authorize the http.Request
Source Files