Type Alias BasicAuthAuthorizerProps

type BasicAuthAuthorizerProps = {
credentialsSecretName: string;
}

Index

Properties

credentialsSecretName

Properties

credentialsSecretName

credentialsSecretName: string

Name of secret in AWS Secrets Manager that stores basic auth credentials.

The following formats are supported for the secret value:

Single username and password:

{ "username": "<username>", "password": "<password>" }

Array of username + password objects:
```
{ "credentials": "[{\"username\":\"<user-1>\",\"password\":\"password-1\"},{\"username\":\"<user-2>\",\"password\":\"<password-2>\"}]" }
```
- The value of the credentials field is a string, with a stringified, escaped JSON array of objects with username and password fields.
- The reason that this second format stores stringified JSON inside JSON, is due to a limitation in Liflig's load-secrets library, which only allows storing string values.
Array of base64-encoded credentials:
```
{ "credentials": "[\"<encoded-credential-1>\",\"<encoded-credential-2>\"]" }
```
- Each element is encoded from <username>:<password>.
- The array is stringified for the same reason as above.

If the secret uses one of the array formats, the authorizer will match the request's Authorization header against any one of the credentials.