Chalice Built-in Authorizers: Try Sample

"Chalice supports multiple mechanisms for authorization ... A Built-in authorizer is used when you’d like to write your custom authorizer in Chalice" (https://aws.github.io/chalice/topics/authorizers.html).

In this post, I am going to run the sample from that page.


create project

% chalice new-project chalice_auth

% cd chalice_auth


app.py

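from chalice import Chalice, AuthResponse

app = Chalice(app_name='chalice_auth')


@app.authorizer()
def demo_auth(auth_request):
    # auth_request.token holds the value of the Authorization header.
    token = auth_request.token
    if token == 'allow':
        # Grant access to the listed routes only.
        return AuthResponse(routes=['/'], principal_id='user')
    else:
        # An empty routes list denies every route.
        return AuthResponse(routes=[], principal_id='user')


@app.route('/', authorizer=demo_auth)
def index():
    return {'context': app.current_request.context}


# Named hello (not index) so it does not shadow the view function above.
@app.route('/hello')
def hello():
    return {'hello': 'world'}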

The endpoint /hello is added for comparison.


run

% curl http://127.0.0.1:8000

{"message":"Unauthorized"}

You get 401 when no Authorization header is sent.


% curl http://127.0.0.1:8000 -H 'Authorization: abc'

{"Message": "User is not authorized to access this resource"}

403 when the token does not match.


% curl http://127.0.0.1:8000 -H 'Authorization: allow'

{"context":{"httpMethod":"GET","resourcePath":"/","identity":{"sourceIp":"127.0.0.1"},"path":"/","authorizer":{"principalId":"user"}}}

200 for the correct value.


% curl http://127.0.0.1:8000/hello

{"hello":"world"}

200. No auth header is needed for /hello because that route has no authorizer attached.


next

You may try an AWS Cognito implementation, or implement the user table yourself using DynamoDB (see boto3 and PynamoDB).
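The sample authorizer compares the token to the fixed string 'allow'. The block below is an added example, not code from the Chalice docs or from the sample: it replaces that comparison with an HMAC-signed, expiring token and denies by default. The token layout, SECRET_KEY, ROUTES_BY_PRINCIPAL, issue_token and authorize are all assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key; a real deployment loads it from a secret store.
SECRET_KEY = b"constructed-demo-key"
# Hypothetical mapping of principals to the routes they may call.
ROUTES_BY_PRINCIPAL = {"user": ["/"]}


def _sign(payload, key):
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_token(principal, ttl_seconds, key=SECRET_KEY, now=None):
    """Return '<principal>.<expiry>.<signature>' (assumed token layout)."""
    expiry = int((time.time() if now is None else now) + ttl_seconds)
    payload = f"{principal}.{expiry}".encode()
    return f"{principal}.{expiry}.{_sign(payload, key)}"


def authorize(token, key=SECRET_KEY, now=None):
    """Return (principal_id, routes); routes is [] for any rejected token."""
    denied = ("unknown", [])
    parts = (token or "").split(".")
    if len(parts) != 3:
        return denied
    principal, expiry, signature = parts
    expected = _sign(f"{principal}.{expiry}".encode(), key)
    # Constant-time comparison avoids leaking how much of the MAC matched.
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        return denied
    current = time.time() if now is None else now
    if not expiry.isdecimal() or int(expiry) < current:
        return denied
    return principal, ROUTES_BY_PRINCIPAL.get(principal, [])


# Inside app.py the authorizer from the post would become:
#   @app.authorizer()
#   def demo_auth(auth_request):
#       principal, routes = authorize(auth_request.token)
#       return AuthResponse(routes=routes, principal_id=principal)
```

A rejected token still produces an AuthResponse with an empty routes list, so the client sees the same 403 as in the run above.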

