auth0-lambda-authorizer

v2.0.6

An Auth0 Authorizer for AWS Lambda

Auth0 Lambda Authorizer

This is a simple custom authorizer for AWS Lambda.

Requirements

  • jwks-rsa

Motivation

When writing FaaS applications on AWS Lambda that have an HTTP endpoint, we sometimes want to secure these endpoints and only allow authenticated and authorized users to access them. We use JWT for this, and in past FaaS projects we simply copy-pasted this custom authorizer from project to project. Extracting it into a library lets us share improvements and bug fixes across projects without copying the code around.

Usage

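We first need to create a jwksClient using jwks-rsa.

const jwksClient = require("jwks-rsa");

// Cache signing keys and rate-limit requests to the JWKS endpoint.
const client = jwksClient({
    cache: true,
    jwksRequestsPerMinute: 10,
    jwksUri: process.env.JWKS_URI,
    rateLimit: true,
});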

The JWKS_URI should be fetched from the Auth0 dashboard. Here we have added it as an environment variable.

We also need to decode the Auth0 secret. The approach we normally take is to save the PUBLIC_PEM using KMS, then decrypt it and convert it to a Buffer.

// Given a function for decrypting a KMS string:
const encodedSecret = await getDecryptedKmsString(process.env.AUTH0_WEB_PUBLIC_PEM);
// Buffer.from replaces the deprecated `new Buffer(...)` constructor.
const auth0Secret = Buffer.from(encodedSecret, "base64").toString();

Then we need to create a callback that will be executed once we have decoded the token. This callback is also responsible for returning control to the lambda environment by calling context.succeed or context.fail:

const authenticateCallback = (err, authResponse: AuthResponse) => {
    if (err) {
        // Fail closed on any error, whether unexpected or caused by an invalid token.
        log.error("Received an unauthorized request", err);
        context.fail("Unauthorized");
    } else {
        log.info({ msg: "Successfully authenticated a request" });
        context.succeed(authResponse);
    }
};

This callback will get either an error or a response from our authenticate function. AuthResponse looks like this:

export interface AuthResponse {
    policyDocument: PolicyDocument;
    principalId: string;
    context: any;
}

This includes a policyDocument, the principalId and the context. The context is a map that will contain the payload along with the scope. By default, a policyDocument is created that allows access to execute any Lambda. However, we might not always want this. For more fine-grained control, we can create our own policyDocument with the getPolicyDocument function.

// Given that we have imported `ramda` as R.
if (R.contains("admin", context.roles) || R.contains("premiumUser", context.roles)) {
    const policyDocument = getPolicyDocument("Allow", [event.methodArn]);
    authResponse.policyDocument = policyDocument;
} else {
    const policyDocument = getPolicyDocument("Deny", [event.methodArn]);
    authResponse.policyDocument = policyDocument;
}
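
The role-based decision above as a self-contained example, added here and not part of auth0-lambda-authorizer: buildPolicyDocument (standing in for the library's getPolicyDocument), flattenContext, authorize and the roles/sub payload fields are assumed names. It also denies when the roles claim is missing or malformed, and flattens the context because API Gateway only accepts string, number or boolean values there.

```javascript
// Added example: helper names and payload fields are assumptions, not the library's API.
const ALLOWED_ROLES = new Set(["admin", "premiumUser"]); // roles from the README snippet

// IAM policy document in the shape API Gateway expects from a Lambda authorizer.
function buildPolicyDocument(effect, resources) {
  if (effect !== "Allow" && effect !== "Deny") {
    throw new Error(`unexpected effect: ${effect}`);
  }
  return {
    Version: "2012-10-17",
    Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: resources }],
  };
}

// API Gateway rejects objects and arrays as context values, so string arrays
// (such as roles) are joined and nested objects are dropped.
function flattenContext(payload) {
  const out = {};
  for (const [key, value] of Object.entries(payload)) {
    if (Array.isArray(value)) {
      out[key] = value.filter((v) => typeof v === "string").join(",");
    } else if (["string", "number", "boolean"].includes(typeof value)) {
      out[key] = value;
    }
  }
  return out;
}

// Allow only when the already-verified token payload carries an allowed role.
// A missing payload or a roles claim that is not an array yields an explicit Deny,
// scoped to the single method ARN being invoked.
function authorize(payload, methodArn) {
  const roles = Array.isArray(payload?.roles) ? payload.roles : [];
  const allowed = roles.some((role) => ALLOWED_ROLES.has(role));
  return {
    principalId: String(payload?.sub || "anonymous"),
    policyDocument: buildPolicyDocument(allowed ? "Allow" : "Deny", [methodArn]),
    context: flattenContext(payload || {}),
  };
}

// Constructed sample input (not real identifiers).
const sampleArn = "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/reports";
const admin = authorize({ sub: "auth0|constructed", roles: ["admin"], scope: "read:reports" }, sampleArn);
const guest = authorize({ sub: "auth0|guest", roles: "admin" }, sampleArn); // roles is not an array
console.log(admin.policyDocument.Statement[0].Effect, guest.policyDocument.Statement[0].Effect);
```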