First public release.
- OAuth token validation, including:
  - Issuer validation (optional, necessary for OAuth 2.0 compliance)
  - Audience validation (optional, necessary for OAuth 2.0 compliance)
  - Expiration, Issued At, and Not Before time stamp validation (optional; `exp` and `iat` necessary for OAuth 2.0 compliance)
  - All validated claims are required to be present in tokens
  - Explicit list of required claims (check RFC 9068 for OAuth 2.0 compliance)
  - If configured, require a claim taken as the user's principal ID
  - If configured, require scopes to be present in the `scp` claim of tokens
- Use OIDC discovery of JWKS unless a URI is explicitly configured
- Defaults to allowing access to all routes and verbs to users presenting a valid token
- Returned policy includes the user principal ID and groups (if received) in the context
- Policy customizable using an AWS Lambda Layer
- (optional) Sample policy customization layer based on a Jinja2 template
- (optional) JWKS Cache in a DynamoDB table
- (optional) Lambda extension service for local DynamoDB, S3 and SSM data cache:
  - JWKS DynamoDB items
  - S3 or SSM stored configuration
  - Custom Policy Factory data (cache service is available for custom policy factory layers)
- Python 3.8
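The validation rules listed under OAuth token validation above, as an added Python example rather than the authorizer's own code: the claim checks applied to an already signature-verified JWT payload. `validate_claims`, `SAMPLE_CLAIMS`, the default required-claim set and the handling of `scp` as either a space-delimited string or a list are assumptions made for illustration.

```python
import time
from typing import Dict, Iterable, Optional, Set

# Constructed sample payload (not a real token); the signature is assumed verified already.
SAMPLE_CLAIMS = {
    "iss": "https://issuer.example", "aud": ["api://orders"], "sub": "user-123",
    "iat": 1_700_000_000, "exp": 1_700_003_600, "scp": "orders:read orders:write",
}

def _scopes(value) -> Set[str]:
    # Accept both shapes issuers emit: a space-delimited string or a JSON list.
    if isinstance(value, str):
        return set(value.split())
    if isinstance(value, list):
        return {str(s) for s in value}
    return set()

def validate_claims(claims: Dict, issuer: str, audience: str,
                    required_claims: Iterable[str] = ("iss", "aud", "exp", "iat", "sub"),
                    principal_claim: Optional[str] = "sub",
                    required_scopes: Iterable[str] = (),
                    now: Optional[int] = None, leeway: int = 0) -> Dict:
    """Return {'principal', 'scopes'} for a valid payload; raise ValueError on the first failure."""
    now = int(time.time()) if now is None else now
    # A validated claim must be present: absence is a failure, not a pass.
    missing = [c for c in required_claims if c not in claims]
    if missing:
        raise ValueError(f"missing required claims: {missing}")
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if audience not in (set(aud) if isinstance(aud, list) else {aud}):
        raise ValueError("audience mismatch")
    # exp must lie in the future; iat and nbf must not (leeway absorbs clock skew).
    if "exp" in claims and now >= int(claims["exp"]) + leeway:
        raise ValueError("token expired")
    if "iat" in claims and int(claims["iat"]) - leeway > now:
        raise ValueError("token issued in the future")
    if "nbf" in claims and int(claims["nbf"]) - leeway > now:
        raise ValueError("token not yet valid")
    principal = None
    if principal_claim is not None:
        if principal_claim not in claims:
            raise ValueError(f"principal claim {principal_claim!r} missing")
        principal = claims[principal_claim]
    lacking = set(required_scopes) - _scopes(claims.get("scp"))
    if lacking:
        raise ValueError(f"missing scopes: {sorted(lacking)}")
    return {"principal": principal, "scopes": sorted(_scopes(claims.get("scp")))}
```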