Custom JWT Authorizer Lambda function for Amazon API Gateway with Bearer JWT
The JWT is verified against a secret (in the case of HMAC signing with an HS* algorithm) and some other claims (should be at least
The jwtAuthorizr Lambda function makes use of the awesome jsonwebtoken package on npm.
Secret and claims can differ for each stage environment. In this example, the jwtAuthorizr Lambda function reads them from environment variables, which should be baked into the function deployment for each stage. Lambda could also load them from, e.g., S3 or DynamoDB, or somewhere else entirely.
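The flow described above, as an added example that is not the jwtAuthorizr source: a TOKEN-type authorizer that reads the secret and expected claims from environment variables, pins the algorithm, and returns an IAM policy. To stay dependency-free it swaps the jsonwebtoken package for a minimal HS256 check built on Node's crypto module. The variable names JWT_SECRET, JWT_ISSUER and JWT_AUDIENCE and the choice of issuer, audience and expiry as the checked claims are assumptions.

```javascript
// Added example: a minimal HS256 check stands in for jsonwebtoken's verify().
// Env names JWT_SECRET / JWT_ISSUER / JWT_AUDIENCE are hypothetical.
const crypto = require('crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify signature and claims; returns the payload or throws.
function verifyHs256(token, { secret, issuer, audience }, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm: the token header must never choose it ("none", RS/HS mix-ups).
  if (b64urlJson(head).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = b64urlJson(body);
  // This sketch requires exp to be present, which is stricter than an optional check.
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud ?? []).includes(audience)) throw new Error('wrong audience');
  return claims;
}

// TOKEN-type authorizer: API Gateway passes the header value in event.authorizationToken.
function authorize(event, env, nowSec) {
  const match = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(event.authorizationToken || '');
  // Fail closed when the stage configuration is incomplete.
  if (!env.JWT_SECRET || !env.JWT_ISSUER || !env.JWT_AUDIENCE || !match) throw new Error('Unauthorized');
  let claims;
  try {
    claims = verifyHs256(match[1], { secret: env.JWT_SECRET, issuer: env.JWT_ISSUER, audience: env.JWT_AUDIENCE }, nowSec);
  } catch (err) {
    throw new Error('Unauthorized'); // API Gateway maps this exact message to a 401
  }
  return {
    principalId: String(claims.sub ?? 'anonymous'),
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: 'Allow', Resource: event.methodArn }],
    },
  };
}

exports.handler = async (event) => authorize(event, process.env);
```

Every failure path collapses to the same `Unauthorized` error, so the caller learns nothing about which check rejected the token.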
The token in the test event in test.json uses these secrets and claims: