Authorization Types
Important: These docs are for the outdated Jets 5 versions and below. For the latest Jets docs: docs.rubyonjets.com
By default, calling API Gateway does not require authorization. You can add authorization to your API with API Gateway authorizers and authorization types. There are several authorization types available:
- NONE - open access
- AWS_IAM - use AWS IAM permissions
- CUSTOM - custom authorizer
- COGNITO_USER_POOLS - Cognito User Pool
The complete list of authorization types is available in the AWS API Gateway docs.
Application Wide
You can enable authorization application-wide with config/application.rb:
Jets.application.configure do
  config.api.authorization_type = :aws_iam
end
This will require a caller to authenticate using IAM before being able to access the endpoint.
Controller Wide
You can also enable authorization controller-wide. Example:
class PostsController < ApplicationController
  authorization_type :aws_iam
end
All PostsController actions will use AWS_IAM authorization.
Route Specific
You can also enable authorization on a per-route basis with the authorization_type option:
Jets.application.routes.draw do
  get "posts", to: "posts#index", authorization_type: :aws_iam
end
Inferred Authorization Type
When using Jets Authorizers, Jets will infer the right authorization_type for CUSTOM and COGNITO_USER_POOLS types. So it is recommended to only set authorization_type when you’re using other types like AWS_IAM.
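With three places to set authorization_type, it is easy to leave a route open by accident. The following is an added example, not code from Jets or its docs: a small static audit that resolves the effective type per route and lists the ones that stay NONE. It assumes the most specific setting wins (route, then controller, then application); the method names and all sample sources are constructed for illustration.

```ruby
# Added example: static audit sketch, not part of Jets. All sources below are constructed.
# Assumption: the most specific setting wins (route, then controller, then application).
APP_CONFIG = <<~'RUBY'
  Jets.application.configure do
    # authorization type left at its default
  end
RUBY

CONTROLLERS = [<<~'RUBY']
  class PostsController < ApplicationController
    authorization_type :aws_iam
  end
RUBY

ROUTES = <<~'RUBY'
  Jets.application.routes.draw do
    get "posts", to: "posts#index"
    get "posts/public", to: "posts#public", authorization_type: :none
    get "admin", to: "admin#index"
    post "reports", to: "reports#create", authorization_type: :aws_iam
  end
RUBY

ROUTE_LINE = /^\s*(get|post|put|patch|delete)\s+"([^"]+)",\s*to:\s*"(\w+)#\w+"(.*)$/

# Returns one hash per route: verb, path, effective type, and which level set it.
def effective_auth_types(app_config, controller_sources, routes)
  app = app_config[/config\.api\.authorization_type\s*=\s*:(\w+)/, 1]
  by_controller = controller_sources.to_h do |src|
    [src[/class\s+(\w+)Controller\b/, 1].to_s.downcase,
     src[/^\s*authorization_type\s+:(\w+)/, 1]]
  end
  routes.scan(ROUTE_LINE).map do |verb, path, ctrl, rest|
    route = rest[/authorization_type:\s*:(\w+)/, 1]
    type, source =
      if route then [route, :route]
      elsif by_controller[ctrl] then [by_controller[ctrl], :controller]
      elsif app then [app, :application]
      else ["none", :default] # API Gateway default: no authorization required
      end
    { verb: verb.upcase, path: path, type: type.upcase, source: source }
  end
end

# Routes that end up callable without authorization.
def open_routes(results)
  results.select { |r| r[:type] == "NONE" }
end

open_routes(effective_auth_types(APP_CONFIG, CONTROLLERS, ROUTES)).each do |r|
  puts "OPEN #{r[:verb]} /#{r[:path]} (set by #{r[:source]})"
end
```

The sketch reads only explicit authorization_type settings, so routes protected through Jets Authorizers, where the type is inferred, would show up as NONE and need a manual check.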