{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.APIGateway.Types.Authorizer
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.APIGateway.Types.Authorizer where

import Amazonka.APIGateway.Types.AuthorizerType
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | Represents an authorization layer for methods. If enabled on a method,
-- API Gateway will activate the authorizer when a client calls the method.
--
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html Use Lambda Function as Authorizer>
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html Use Cognito User Pool as Authorizer>
--
-- /See:/ 'newAuthorizer' smart constructor.
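data Authorizer = Authorizer'
  { -- | Specifies the authorizer\'s Uniform Resource Identifier (URI). For
    -- @TOKEN@ or @REQUEST@ authorizers, this must be a well-formed Lambda
    -- function URI, for example,
    -- @arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations@.
    -- In general, the URI has this form
    -- @arn:aws:apigateway:{region}:lambda:path\/{service_api}@, where
    -- @{region}@ is the same as the region hosting the Lambda function, @path@
    -- indicates that the remaining substring in the URI should be treated as
    -- the path to the resource, including the initial @\/@. For Lambda
    -- functions, this is usually of the form
    -- @\/2015-03-31\/functions\/[FunctionARN]\/invocations@.
    authorizerUri :: Prelude.Maybe Prelude.Text,
    -- | A validation expression for the incoming identity token. For @TOKEN@
    -- authorizers, this value is a regular expression. For
    -- @COGNITO_USER_POOLS@ authorizers, API Gateway will match the @aud@ field
    -- of the incoming token from the client against the specified regular
    -- expression. It will invoke the authorizer\'s Lambda function when there
    -- is a match. Otherwise, it will return a 401 Unauthorized response
    -- without calling the Lambda function. The validation expression does not
    -- apply to the @REQUEST@ authorizer.
    --
    -- Review note: as described, the expression only decides whether the
    -- authorizer is invoked at all. It is a pre-filter on the shape of the
    -- token, not a verification of it, so the authorizer still has to
    -- validate the token itself.
    identityValidationExpression :: Prelude.Maybe Prelude.Text,
    -- | A list of the Amazon Cognito user pool ARNs for the @COGNITO_USER_POOLS@
    -- authorizer. Each element is of this format:
    -- @arn:aws:cognito-idp:{region}:{account_id}:userpool\/{user_pool_id}@.
    -- For a @TOKEN@ or @REQUEST@ authorizer, this is not defined.
    providerARNs :: Prelude.Maybe [Prelude.Text],
    -- | [Required] The name of the authorizer.
    --
    -- Review note: the service documents this as required, but it is
    -- modelled as an optional field here, so the type does not enforce its
    -- presence.
    name :: Prelude.Maybe Prelude.Text,
    -- | The identifier for the authorizer resource.
    id :: Prelude.Maybe Prelude.Text,
    -- | The TTL in seconds of cached authorizer results. If it equals 0,
    -- authorization caching is disabled. If it is greater than 0, API Gateway
    -- will cache authorizer responses. If this field is not set, the default
    -- value is 300. The maximum value is 3600, or 1 hour.
    --
    -- Review note: leaving the field unset selects the 300 second default
    -- rather than disabling caching. While a response is cached, a change in
    -- what the authorizer would decide (for example a revoked token) may not
    -- take effect until the entry expires; set 0 explicitly when every call
    -- must be re-evaluated. The 0 to 3600 range is not checked by this type.
    authorizerResultTtlInSeconds :: Prelude.Maybe Prelude.Int,
    -- | Optional customer-defined field, used in OpenAPI imports and exports
    -- without functional impact.
    authType :: Prelude.Maybe Prelude.Text,
    -- | The authorizer type. Valid values are @TOKEN@ for a Lambda function
    -- using a single authorization token submitted in a custom header,
    -- @REQUEST@ for a Lambda function using incoming request parameters, and
    -- @COGNITO_USER_POOLS@ for using an Amazon Cognito user pool.
    type' :: Prelude.Maybe AuthorizerType,
    -- | The identity source for which authorization is requested.
    --
    -- -   For a @TOKEN@ or @COGNITO_USER_POOLS@ authorizer, this is required
    --     and specifies the request header mapping expression for the custom
    --     header holding the authorization token submitted by the client. For
    --     example, if the token header name is @Auth@, the header mapping
    --     expression is @method.request.header.Auth@.
    -- -   For the @REQUEST@ authorizer, this is required when authorization
    --     caching is enabled. The value is a comma-separated string of one or
    --     more mapping expressions of the specified request parameters. For
    --     example, if an @Auth@ header and a @Name@ query string parameter are
    --     defined as identity sources, this value is
    --     @method.request.header.Auth, method.request.querystring.Name@. These
    --     parameters will be used to derive the authorization caching key and
    --     to perform runtime validation of the @REQUEST@ authorizer by
    --     verifying all of the identity-related request parameters are
    --     present, not null and non-empty. Only when this is true does the
    --     authorizer invoke the authorizer Lambda function, otherwise, it
    --     returns a 401 Unauthorized response without calling the Lambda
    --     function. The valid value is a string of comma-separated mapping
    --     expressions of the specified request parameters. When the
    --     authorization caching is not enabled, this property is optional.
    --
    -- Review note: because the listed parameters form the caching key for a
    -- @REQUEST@ authorizer, every request parameter the authorizer decision
    -- depends on should be listed here when caching is enabled. A parameter
    -- that is left out presumably does not distinguish cache entries;
    -- confirm against the service documentation.
    identitySource :: Prelude.Maybe Prelude.Text,
    -- | Specifies the required credentials as an IAM role for API Gateway to
    -- invoke the authorizer. To specify an IAM role for API Gateway to assume,
    -- use the role\'s Amazon Resource Name (ARN). To use resource-based
    -- permissions on the Lambda function, specify null.
    --
    -- Review note: when a role is supplied, it is the identity API Gateway
    -- acts under for this call, so it should be scoped to invoking the
    -- authorizer function and nothing else.
    authorizerCredentials :: Prelude.Maybe Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)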

-- |
-- Create a value of 'Authorizer' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'authorizerUri', 'authorizer_authorizerUri' - Specifies the authorizer\'s Uniform Resource Identifier (URI). For
-- @TOKEN@ or @REQUEST@ authorizers, this must be a well-formed Lambda
-- function URI, for example,
-- @arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations@.
-- In general, the URI has this form
-- @arn:aws:apigateway:{region}:lambda:path\/{service_api}@, where
-- @{region}@ is the same as the region hosting the Lambda function, @path@
-- indicates that the remaining substring in the URI should be treated as
-- the path to the resource, including the initial @\/@. For Lambda
-- functions, this is usually of the form
-- @\/2015-03-31\/functions\/[FunctionARN]\/invocations@.
--
-- 'identityValidationExpression', 'authorizer_identityValidationExpression' - A validation expression for the incoming identity token. For @TOKEN@
-- authorizers, this value is a regular expression. For
-- @COGNITO_USER_POOLS@ authorizers, API Gateway will match the @aud@ field
-- of the incoming token from the client against the specified regular
-- expression. It will invoke the authorizer\'s Lambda function when there
-- is a match. Otherwise, it will return a 401 Unauthorized response
-- without calling the Lambda function. The validation expression does not
-- apply to the @REQUEST@ authorizer.
--
-- 'providerARNs', 'authorizer_providerARNs' - A list of the Amazon Cognito user pool ARNs for the @COGNITO_USER_POOLS@
-- authorizer. Each element is of this format:
-- @arn:aws:cognito-idp:{region}:{account_id}:userpool\/{user_pool_id}@.
-- For a @TOKEN@ or @REQUEST@ authorizer, this is not defined.
--
-- 'name', 'authorizer_name' - [Required] The name of the authorizer.
--
-- 'id', 'authorizer_id' - The identifier for the authorizer resource.
--
-- 'authorizerResultTtlInSeconds', 'authorizer_authorizerResultTtlInSeconds' - The TTL in seconds of cached authorizer results. If it equals 0,
-- authorization caching is disabled. If it is greater than 0, API Gateway
-- will cache authorizer responses. If this field is not set, the default
-- value is 300. The maximum value is 3600, or 1 hour.
--
-- 'authType', 'authorizer_authType' - Optional customer-defined field, used in OpenAPI imports and exports
-- without functional impact.
--
-- 'type'', 'authorizer_type' - The authorizer type. Valid values are @TOKEN@ for a Lambda function
-- using a single authorization token submitted in a custom header,
-- @REQUEST@ for a Lambda function using incoming request parameters, and
-- @COGNITO_USER_POOLS@ for using an Amazon Cognito user pool.
--
-- 'identitySource', 'authorizer_identitySource' - The identity source for which authorization is requested.
--
-- -   For a @TOKEN@ or @COGNITO_USER_POOLS@ authorizer, this is required
--     and specifies the request header mapping expression for the custom
--     header holding the authorization token submitted by the client. For
--     example, if the token header name is @Auth@, the header mapping
--     expression is @method.request.header.Auth@.
-- -   For the @REQUEST@ authorizer, this is required when authorization
--     caching is enabled. The value is a comma-separated string of one or
--     more mapping expressions of the specified request parameters. For
--     example, if an @Auth@ header and a @Name@ query string parameter are
--     defined as identity sources, this value is
--     @method.request.header.Auth, method.request.querystring.Name@. These
--     parameters will be used to derive the authorization caching key and
--     to perform runtime validation of the @REQUEST@ authorizer by
--     verifying all of the identity-related request parameters are
--     present, not null and non-empty. Only when this is true does the
--     authorizer invoke the authorizer Lambda function, otherwise, it
--     returns a 401 Unauthorized response without calling the Lambda
--     function. The valid value is a string of comma-separated mapping
--     expressions of the specified request parameters. When the
--     authorization caching is not enabled, this property is optional.
--
-- 'authorizerCredentials', 'authorizer_authorizerCredentials' - Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, specify null.
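newAuthorizer ::
  Authorizer
newAuthorizer =
  -- Every field of the record is optional, so the starting value leaves all
  -- ten unset. That includes name, which the field documentation marks as
  -- required by the service, and authorizerResultTtlInSeconds, where unset
  -- means the documented 300 second default rather than "no caching".
  Authorizer'
    { authorizerUri = Prelude.Nothing,
      identityValidationExpression = Prelude.Nothing,
      providerARNs = Prelude.Nothing,
      name = Prelude.Nothing,
      id = Prelude.Nothing,
      authorizerResultTtlInSeconds = Prelude.Nothing,
      authType = Prelude.Nothing,
      type' = Prelude.Nothing,
      identitySource = Prelude.Nothing,
      authorizerCredentials = Prelude.Nothing
    }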

-- | Specifies the authorizer\'s Uniform Resource Identifier (URI). For
-- @TOKEN@ or @REQUEST@ authorizers, this must be a well-formed Lambda
-- function URI, for example,
-- @arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations@.
-- In general, the URI has this form
-- @arn:aws:apigateway:{region}:lambda:path\/{service_api}@, where
-- @{region}@ is the same as the region hosting the Lambda function, @path@
-- indicates that the remaining substring in the URI should be treated as
-- the path to the resource, including the initial @\/@. For Lambda
-- functions, this is usually of the form
-- @\/2015-03-31\/functions\/[FunctionARN]\/invocations@.
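authorizer_authorizerUri :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerUri =
  -- Getter projects the field via a NamedFieldPuns pattern; setter is a plain
  -- record update. The URI text is stored as given, with no format check.
  Lens.lens
    (\Authorizer' {authorizerUri} -> authorizerUri)
    (\s@Authorizer' {} a -> s {authorizerUri = a} :: Authorizer)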

-- | A validation expression for the incoming identity token. For @TOKEN@
-- authorizers, this value is a regular expression. For
-- @COGNITO_USER_POOLS@ authorizers, API Gateway will match the @aud@ field
-- of the incoming token from the client against the specified regular
-- expression. It will invoke the authorizer\'s Lambda function when there
-- is a match. Otherwise, it will return a 401 Unauthorized response
-- without calling the Lambda function. The validation expression does not
-- apply to the @REQUEST@ authorizer.
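authorizer_identityValidationExpression :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_identityValidationExpression =
  -- The expression is carried as opaque text: this lens neither compiles nor
  -- validates it as a regular expression.
  Lens.lens
    (\Authorizer' {identityValidationExpression} -> identityValidationExpression)
    (\s@Authorizer' {} a -> s {identityValidationExpression = a} :: Authorizer)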

-- | A list of the Amazon Cognito user pool ARNs for the @COGNITO_USER_POOLS@
-- authorizer. Each element is of this format:
-- @arn:aws:cognito-idp:{region}:{account_id}:userpool\/{user_pool_id}@.
-- For a @TOKEN@ or @REQUEST@ authorizer, this is not defined.
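authorizer_providerARNs :: Lens.Lens' Authorizer (Prelude.Maybe [Prelude.Text])
authorizer_providerARNs =
  -- Field lens composed with a coercion mapped over the Maybe.
  -- NOTE(review): for this field the coercion appears to be between
  -- identical list types, so it should not change the value; it is kept
  -- exactly as generated.
  Lens.lens
    (\Authorizer' {providerARNs} -> providerARNs)
    (\s@Authorizer' {} a -> s {providerARNs = a} :: Authorizer)
    Prelude.. Lens.mapping Lens.coerced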

-- | [Required] The name of the authorizer.
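authorizer_name :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_name =
  -- The focus is Maybe Text even though the field is documented as required,
  -- so callers can still observe or store Nothing through this lens.
  Lens.lens
    (\Authorizer' {name} -> name)
    (\s@Authorizer' {} a -> s {name = a} :: Authorizer)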

-- | The identifier for the authorizer resource.
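authorizer_id :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_id =
  -- Inside the pattern and the update, id names the record field and not the
  -- identity function; NoImplicitPrelude keeps the usual id out of scope.
  Lens.lens
    (\Authorizer' {id} -> id)
    (\s@Authorizer' {} a -> s {id = a} :: Authorizer)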

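-- | The TTL in seconds of cached authorizer results. If it equals 0,
-- authorization caching is disabled. If it is greater than 0, API Gateway
-- will cache authorizer responses. If this field is not set, the default
-- value is 300. The maximum value is 3600, or 1 hour.
--
-- Review note: this lens stores whatever @Int@ it is given; the 0 to 3600
-- range described above is not checked on this side. Leaving the field
-- unset means the 300 second default, not disabled caching, and a cached
-- response may keep being served until it expires even if the authorizer
-- would now decide differently.
authorizer_authorizerResultTtlInSeconds :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Int)
authorizer_authorizerResultTtlInSeconds =
  Lens.lens
    (\Authorizer' {authorizerResultTtlInSeconds} -> authorizerResultTtlInSeconds)
    (\s@Authorizer' {} a -> s {authorizerResultTtlInSeconds = a} :: Authorizer)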

-- | Optional customer-defined field, used in OpenAPI imports and exports
-- without functional impact.
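authorizer_authType :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authType =
  -- Free-form text field; distinct from type', which holds the
  -- AuthorizerType value.
  Lens.lens
    (\Authorizer' {authType} -> authType)
    (\s@Authorizer' {} a -> s {authType = a} :: Authorizer)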

-- | The authorizer type. Valid values are @TOKEN@ for a Lambda function
-- using a single authorization token submitted in a custom header,
-- @REQUEST@ for a Lambda function using incoming request parameters, and
-- @COGNITO_USER_POOLS@ for using an Amazon Cognito user pool.
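authorizer_type :: Lens.Lens' Authorizer (Prelude.Maybe AuthorizerType)
authorizer_type =
  -- The record field carries a trailing prime because type is a Haskell
  -- keyword; the lens name itself has no prime.
  Lens.lens
    (\Authorizer' {type'} -> type')
    (\s@Authorizer' {} a -> s {type' = a} :: Authorizer)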

-- | The identity source for which authorization is requested.
--
-- -   For a @TOKEN@ or @COGNITO_USER_POOLS@ authorizer, this is required
--     and specifies the request header mapping expression for the custom
--     header holding the authorization token submitted by the client. For
--     example, if the token header name is @Auth@, the header mapping
--     expression is @method.request.header.Auth@.
-- -   For the @REQUEST@ authorizer, this is required when authorization
--     caching is enabled. The value is a comma-separated string of one or
--     more mapping expressions of the specified request parameters. For
--     example, if an @Auth@ header and a @Name@ query string parameter are
--     defined as identity sources, this value is
--     @method.request.header.Auth, method.request.querystring.Name@. These
--     parameters will be used to derive the authorization caching key and
--     to perform runtime validation of the @REQUEST@ authorizer by
--     verifying all of the identity-related request parameters are
--     present, not null and non-empty. Only when this is true does the
--     authorizer invoke the authorizer Lambda function, otherwise, it
--     returns a 401 Unauthorized response without calling the Lambda
--     function. The valid value is a string of comma-separated mapping
--     expressions of the specified request parameters. When the
--     authorization caching is not enabled, this property is optional.
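authorizer_identitySource :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_identitySource =
  -- The comma-separated mapping expressions are kept as one opaque Text
  -- value; this lens does not split or validate them.
  Lens.lens
    (\Authorizer' {identitySource} -> identitySource)
    (\s@Authorizer' {} a -> s {identitySource = a} :: Authorizer)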

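-- | Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, specify null.
--
-- Review note: the value is stored as plain text and is not checked to be
-- a well-formed role ARN. When a role is supplied, it should be scoped to
-- invoking the authorizer function and nothing else.
authorizer_authorizerCredentials :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerCredentials =
  Lens.lens
    (\Authorizer' {authorizerCredentials} -> authorizerCredentials)
    (\s@Authorizer' {} a -> s {authorizerCredentials = a} :: Authorizer)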

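-- | Decodes an 'Authorizer' from a JSON object.
--
-- Every key is read with the optional-key operator, so a key that is missing
-- yields @Nothing@ for that field instead of a parse failure. No value is
-- range-checked or format-checked while decoding: the TTL is accepted as any
-- @Int@, and URIs, ARNs and expressions are accepted as any text.
instance Core.FromJSON Authorizer where
  parseJSON =
    Core.withObject
      "Authorizer"
      ( \x ->
          -- The applicative chain must list the keys in the same order as
          -- the fields of the Authorizer' constructor.
          Authorizer'
            Prelude.<$> (x Core..:? "authorizerUri")
            Prelude.<*> (x Core..:? "identityValidationExpression")
            -- Falls back to mempty when the key is absent, which for this
            -- Maybe-typed field is Nothing.
            Prelude.<*> (x Core..:? "providerARNs" Core..!= Prelude.mempty)
            Prelude.<*> (x Core..:? "name")
            Prelude.<*> (x Core..:? "id")
            Prelude.<*> (x Core..:? "authorizerResultTtlInSeconds")
            Prelude.<*> (x Core..:? "authType")
            -- Wire name is "type"; the record field is type'.
            Prelude.<*> (x Core..:? "type")
            Prelude.<*> (x Core..:? "identitySource")
            Prelude.<*> (x Core..:? "authorizerCredentials")
      )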

-- Empty instance body: no methods are written here, so whatever defaults the
-- class provides are used. Presumably these are the Generic-based defaults
-- (the record derives Generic); confirm against Amazonka.Prelude.
instance Prelude.Hashable Authorizer

-- Empty instance body as well; the same assumption about class defaults
-- applies here.
instance Prelude.NFData Authorizer