What is the best way to have multiple authorizers on a single endpoint?


For our use case, we want to implement multiple authorizers on an API endpoint irrespective of the method. So if the method is GET /test-api, it could have a JWT authorizer as well as a Lambda authorizer. We want to add a JWT authorizer for maintaining RBAC on endpoints via CDK, but the problem is that if there are multiple apps, in the CDK JSON we will end up having a large segment dedicated to maintaining the endpoints along with their RBAC rules. So is there a better way to solve for this?

1 Answer

Hi, I believe there are two parts to your query, which I have addressed below:

  1. How to have multiple authorizers for an HTTP API endpoint (I assumed HTTP API since you mentioned you want a JWT authorizer).

You can only have a single authorizer on every endpoint. If you need more than one, you will need to use a Lambda authorizer to verify both. For example, you can write code to authorize the JWT token using Lambda along with custom logic to authorize using Lambda.

  2. Is there a better way to implement RBAC control with a JWT token using CDK without having a large segment dedicated to maintaining the endpoints?

Unfortunately, you would need to mention it for all the routes and methods that you would be attaching the authorizer to. I am cutting a feature request on your behalf to allow inheriting an authorizer to all the methods and sub-routes under a parent route.

answered 16 days ago
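
The single Lambda authorizer the answer describes, as an added example (not part of the original answer and not AWS's code): it verifies the bearer JWT and then applies a role check from one table keyed by `routeKey`. Assumptions: the HTTP API uses payload format 2.0 with simple responses; HS256 with a shared secret stands in for JWKS-based signature verification so the code runs offline with the standard library; `SECRET`, `ROUTE_ROLES`, the `role` claim and `sign_demo_token` are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: HS256 shared key, demo only
ROUTE_ROLES = {                        # hypothetical RBAC table keyed by routeKey
    "GET /test-api": {"reader", "admin"},
    "POST /test-api": {"admin"},
}

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_demo_token(claims, ttl=300):
    """Build a constructed HS256 token for local testing (hypothetical helper)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({**claims, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify_jwt(token):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # refuse "none" or swapped alg
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, TypeError, AttributeError):
        return None

def handler(event, context=None):
    """Lambda authorizer for an HTTP API: payload format 2.0, simple response."""
    auth = (event.get("headers") or {}).get("authorization", "")
    # Check 1: the JWT itself.
    claims = verify_jwt(auth[7:]) if auth.startswith("Bearer ") else None
    if claims is None:
        return {"isAuthorized": False}
    # Check 2: custom logic, here a role lookup; routes not in the table are denied.
    role = claims.get("role")
    allowed = ROUTE_ROLES.get(event.get("routeKey"), set())
    if not isinstance(role, str) or role not in allowed:
        return {"isAuthorized": False}
    return {"isAuthorized": True, "context": {"sub": claims.get("sub"), "role": role}}
```

Keeping the route-to-role table inside the authorizer means the CDK side only attaches the same authorizer to each route, while the RBAC rules live in one place.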
