A python helper library for AWS API Gateway Custom Authorizers.
pip install aws-lambda-pyauthlibor
pipenv install aws-lambda-pyauthlib'''authorizer_handler.py''' from pyauthlib import UserInfo, AuthPolicy, HttpMethod, parse_event, raise_401 from my_auth_client import get_client def lambda_handler(event, _context): '''Exchanges access token for user_info and returns the policy. Unauthorized users are denied all access. Users are allowed read access to all resources. Admins are allowed full access to all resources. ''' event = parse_event(event) identity = get_client().get_identity(event.access_token) user_info = UserInfo(identity['user_id'], identity['grants']) policy = AuthPolicy(user_info) if not user_info: raise_401() elif 'ROLE_ADMIN' in user_info.authorities: policy.allow(event.arn(method=HttpMethod.ALL, resource='*')) else: policy.allow(event.arn(method=HttpMethod.GET, resource='*')) return policy.build()You can also return an arbitrary authorizer context, by passing kwargs into the UserInfo. A list of authorities is always required, but nothing is stopping you from using an empty list.
Go check out the examples!