https://serverless-stack.com/ logo
#help
Title
# help
n

Nathan

05/21/2022, 1:39 PM
Regarding Authorizers on APIs. What is the right way to declare a list of User Pools that can access the API? I see there are ‘Authorizers’ that can be declared in the API props. I’ve been able to use that as the default.authorizer. However that just works for one UserPool. What if I want to declare many user pool authorizers?
r

Robb Winkle

05/23/2022, 5:46 PM
You probably need to keep track of a mapping between user and user pool in your app and persist it in your application database. This repo is probably overkill of what you need, but here's an example in a multi-tenant app https://github.com/aws-samples/aws-saas-factory-ref-solution-serverless-saas/blob/main/DOCUMENTATION.md#login-as-an-onboarded-tenant. Here's the authorizer it's referring to https://github.com/aws-samples/aws-saas-factory-ref-solution-serverless-saas/blob/main/server/Resources/tenant_authorizer.py#L43
f

Frank

05/25/2022, 4:47 PM
@Nathan if only a single UserPool can access a route, you can create multiple User Pool JWT authorizers, and specify the one to use at the route level.
But if you want multiple UserPool to access the same route, you might have to use a custom Lambda authorizer.
^ I’m sure others might have better setup
n

Nathan

05/25/2022, 4:51 PM
Thanks Frank. I was thinking the same thing about the custom authorizer.