Authorization Types

Important: These docs are for the outdated Jets 5 versions and below. For the latest Jets docs: docs.rubyonjets.com

By default, calling API Gateway does not require authorization. You can add authorization to your API with API Gateway authorizers and authorization types. There are several authorization types available:

  • NONE - open access
  • AWS_IAM - use AWS IAM permissions
  • CUSTOM - custom authorizer
  • COGNITO_USER_POOLS - Cognito User Pool

The complete list of authorization types is available in the AWS API Gateway docs.

Application Wide

You can enable authorization application-wide with config/application.rb:

Jets.application.configure do
  config.api.authorization_type = :aws_iam
end

This will require a caller to authenticate using IAM before being able to access the endpoint.
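What "authenticate using IAM" means for the caller, shown as an added example that is not part of the Jets docs or code base: each request must carry an AWS Signature Version 4 Authorization header, built here with Ruby's standard library only. The helper names, the sample host and the credentials (AWS's documentation example key pair) are assumptions; temporary credentials would also need an X-Amz-Security-Token header, which this example leaves out.

```ruby
require "openssl"

# Added example, not Jets code: SigV4 request signing for an AWS_IAM endpoint.
def hmac(key, data)
  OpenSSL::HMAC.digest("sha256", key, data)
end

def sha256_hex(data)
  OpenSSL::Digest::SHA256.hexdigest(data)
end

# Returns the headers the caller must send. `path` and `query` must already be
# URI-encoded, and `query` sorted by parameter name (assumption of this example).
def sigv4_headers(method:, host:, path:, region:, access_key:, secret_key:,
                  time:, body: "", query: "", service: "execute-api")
  amz_date = time.getutc.strftime("%Y%m%dT%H%M%SZ")
  date     = amz_date[0, 8]

  # 1. Canonical request: method, path, query, headers, signed header names, payload hash.
  signed_headers = "host;x-amz-date"
  canonical = [
    method.upcase, path, query,
    "host:#{host}\nx-amz-date:#{amz_date}\n",
    signed_headers, sha256_hex(body)
  ].join("\n")

  # 2. String to sign, scoped to date, region and service.
  scope = "#{date}/#{region}/#{service}/aws4_request"
  string_to_sign = ["AWS4-HMAC-SHA256", amz_date, scope, sha256_hex(canonical)].join("\n")

  # 3. Derived signing key: the long-term secret never signs the request directly.
  key = ["AWS4#{secret_key}", date, region, service, "aws4_request"]
          .reduce { |k, part| hmac(k, part) }
  signature = OpenSSL::HMAC.hexdigest("sha256", key, string_to_sign)

  { "Host" => host, "X-Amz-Date" => amz_date,
    "Authorization" => "AWS4-HMAC-SHA256 Credential=#{access_key}/#{scope}, " \
                       "SignedHeaders=#{signed_headers}, Signature=#{signature}" }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed values: hypothetical host, AWS documentation example credentials.
  puts sigv4_headers(method: "GET", host: "abc123.execute-api.us-east-1.amazonaws.com",
                     path: "/dev/posts", region: "us-east-1", access_key: "AKIDEXAMPLE",
                     secret_key: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", time: Time.now)
end
```

A request that arrives unsigned, or signed by a principal whose IAM policy does not allow invoking the API, is rejected by API Gateway before it reaches the Jets controller.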

Controller Wide

You can also enable authorization controller-wide. Example:

class PostsController < ApplicationController
  authorization_type :aws_iam
end

All PostsController actions will use AWS_IAM authorization.

Route Specific

You can also enable authorization on a per-route basis with the authorization_type option:

Jets.application.routes.draw do
  get  "posts", to: "posts#index", authorization_type: :aws_iam
end

Inferred Authorization Type

When using Jets Authorizers, Jets will infer the right authorization_type for the CUSTOM and COGNITO_USER_POOLS types. It is therefore recommended to set authorization_type only when you're using other types like AWS_IAM.