{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ApiGatewayV2.Types.Authorizer
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ApiGatewayV2.Types.Authorizer where

import Amazonka.ApiGatewayV2.Types.AuthorizerType
import Amazonka.ApiGatewayV2.Types.JWTConfiguration
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | Represents an authorizer.
--
-- /See:/ 'newAuthorizer' smart constructor.
data Authorizer = Authorizer'
  { -- | Specifies the required credentials as an IAM role for API Gateway to
    -- invoke the authorizer. To specify an IAM role for API Gateway to assume,
    -- use the role\'s Amazon Resource Name (ARN). To use resource-based
    -- permissions on the Lambda function, don\'t specify this parameter.
    -- Supported only for REQUEST authorizers.
    Authorizer -> Maybe Text
authorizerCredentialsArn :: Prelude.Maybe Prelude.Text,
    -- | The validation expression does not apply to the REQUEST authorizer.
    Authorizer -> Maybe Text
identityValidationExpression :: Prelude.Maybe Prelude.Text,
    -- | Specifies whether a Lambda authorizer returns a response in a simple
    -- format. If enabled, the Lambda authorizer can return a boolean value
    -- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
    -- see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
    Authorizer -> Maybe Bool
enableSimpleResponses :: Prelude.Maybe Prelude.Bool,
    -- | The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
    -- authorizers, this must be a well-formed Lambda function URI, for
    -- example,
    -- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
    -- In general, the URI has this form:
    -- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
    -- is the same as the region hosting the Lambda function, path indicates
    -- that the remaining substring in the URI should be treated as the path to
    -- the resource, including the initial \/. For Lambda functions, this is
    -- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
    -- Supported only for REQUEST authorizers.
    Authorizer -> Maybe Text
authorizerUri :: Prelude.Maybe Prelude.Text,
    -- | Specifies the format of the payload sent to an HTTP API Lambda
    -- authorizer. Required for HTTP API Lambda authorizers. Supported values
    -- are 1.0 and 2.0. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
    Authorizer -> Maybe Text
authorizerPayloadFormatVersion :: Prelude.Maybe Prelude.Text,
    -- | Represents the configuration of a JWT authorizer. Required for the JWT
    -- authorizer type. Supported only for HTTP APIs.
    Authorizer -> Maybe JWTConfiguration
jwtConfiguration :: Prelude.Maybe JWTConfiguration,
    -- | The authorizer identifier.
    Authorizer -> Maybe Text
authorizerId :: Prelude.Maybe Prelude.Text,
    -- | The time to live (TTL) for cached authorizer results, in seconds. If it
    -- equals 0, authorization caching is disabled. If it is greater than 0,
    -- API Gateway caches authorizer responses. The maximum value is 3600, or 1
    -- hour. Supported only for HTTP API Lambda authorizers.
    Authorizer -> Maybe Natural
authorizerResultTtlInSeconds :: Prelude.Maybe Prelude.Natural,
    -- | The identity source for which authorization is requested.
    --
    -- For a REQUEST authorizer, this is optional. The value is a set of one or
    -- more mapping expressions of the specified request parameters. The
    -- identity source can be headers, query string parameters, stage
    -- variables, and context parameters. For example, if an Auth header and a
    -- Name query string parameter are defined as identity sources, this value
    -- is route.request.header.Auth, route.request.querystring.Name for
    -- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
    -- \$, for example, $request.header.Auth, $request.querystring.Name. These
    -- parameters are used to perform runtime validation for Lambda-based
    -- authorizers by verifying all of the identity-related request parameters
    -- are present in the request, not null, and non-empty. Only when this is
    -- true does the authorizer invoke the authorizer Lambda function.
    -- Otherwise, it returns a 401 Unauthorized response without calling the
    -- Lambda function. For HTTP APIs, identity sources are also used as the
    -- cache key when caching is enabled. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
    --
    -- For JWT, a single entry that specifies where to extract the JSON Web
    -- Token (JWT) from inbound requests. Currently only header-based and query
    -- parameter-based selections are supported, for example
    -- \$request.header.Authorization.
    Authorizer -> Maybe [Text]
identitySource :: Prelude.Maybe [Prelude.Text],
    -- | The authorizer type. Specify REQUEST for a Lambda function using
    -- incoming request parameters. Specify JWT to use JSON Web Tokens
    -- (supported only for HTTP APIs).
    Authorizer -> Maybe AuthorizerType
authorizerType :: Prelude.Maybe AuthorizerType,
    -- | The name of the authorizer.
    Authorizer -> Text
name :: Prelude.Text
  }
  deriving (Authorizer -> Authorizer -> Bool
(Authorizer -> Authorizer -> Bool)
-> (Authorizer -> Authorizer -> Bool) -> Eq Authorizer
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: Authorizer -> Authorizer -> Bool
$c/= :: Authorizer -> Authorizer -> Bool
== :: Authorizer -> Authorizer -> Bool
$c== :: Authorizer -> Authorizer -> Bool
Prelude.Eq, ReadPrec [Authorizer]
ReadPrec Authorizer
Int -> ReadS Authorizer
ReadS [Authorizer]
(Int -> ReadS Authorizer)
-> ReadS [Authorizer]
-> ReadPrec Authorizer
-> ReadPrec [Authorizer]
-> Read Authorizer
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [Authorizer]
$creadListPrec :: ReadPrec [Authorizer]
readPrec :: ReadPrec Authorizer
$creadPrec :: ReadPrec Authorizer
readList :: ReadS [Authorizer]
$creadList :: ReadS [Authorizer]
readsPrec :: Int -> ReadS Authorizer
$creadsPrec :: Int -> ReadS Authorizer
Prelude.Read, Int -> Authorizer -> ShowS
[Authorizer] -> ShowS
Authorizer -> String
(Int -> Authorizer -> ShowS)
-> (Authorizer -> String)
-> ([Authorizer] -> ShowS)
-> Show Authorizer
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [Authorizer] -> ShowS
$cshowList :: [Authorizer] -> ShowS
show :: Authorizer -> String
$cshow :: Authorizer -> String
showsPrec :: Int -> Authorizer -> ShowS
$cshowsPrec :: Int -> Authorizer -> ShowS
Prelude.Show, (forall x. Authorizer -> Rep Authorizer x)
-> (forall x. Rep Authorizer x -> Authorizer) -> Generic Authorizer
forall x. Rep Authorizer x -> Authorizer
forall x. Authorizer -> Rep Authorizer x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep Authorizer x -> Authorizer
$cfrom :: forall x. Authorizer -> Rep Authorizer x
Prelude.Generic)

-- |
-- Create a value of 'Authorizer' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'authorizerCredentialsArn', 'authorizer_authorizerCredentialsArn' - Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, don\'t specify this parameter.
-- Supported only for REQUEST authorizers.
--
-- 'identityValidationExpression', 'authorizer_identityValidationExpression' - The validation expression does not apply to the REQUEST authorizer.
--
-- 'enableSimpleResponses', 'authorizer_enableSimpleResponses' - Specifies whether a Lambda authorizer returns a response in a simple
-- format. If enabled, the Lambda authorizer can return a boolean value
-- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
-- see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
--
-- 'authorizerUri', 'authorizer_authorizerUri' - The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
-- authorizers, this must be a well-formed Lambda function URI, for
-- example,
-- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
-- In general, the URI has this form:
-- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
-- is the same as the region hosting the Lambda function, path indicates
-- that the remaining substring in the URI should be treated as the path to
-- the resource, including the initial \/. For Lambda functions, this is
-- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
-- Supported only for REQUEST authorizers.
--
-- 'authorizerPayloadFormatVersion', 'authorizer_authorizerPayloadFormatVersion' - Specifies the format of the payload sent to an HTTP API Lambda
-- authorizer. Required for HTTP API Lambda authorizers. Supported values
-- are 1.0 and 2.0. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- 'jwtConfiguration', 'authorizer_jwtConfiguration' - Represents the configuration of a JWT authorizer. Required for the JWT
-- authorizer type. Supported only for HTTP APIs.
--
-- 'authorizerId', 'authorizer_authorizerId' - The authorizer identifier.
--
-- 'authorizerResultTtlInSeconds', 'authorizer_authorizerResultTtlInSeconds' - The time to live (TTL) for cached authorizer results, in seconds. If it
-- equals 0, authorization caching is disabled. If it is greater than 0,
-- API Gateway caches authorizer responses. The maximum value is 3600, or 1
-- hour. Supported only for HTTP API Lambda authorizers.
--
-- 'identitySource', 'authorizer_identitySource' - The identity source for which authorization is requested.
--
-- For a REQUEST authorizer, this is optional. The value is a set of one or
-- more mapping expressions of the specified request parameters. The
-- identity source can be headers, query string parameters, stage
-- variables, and context parameters. For example, if an Auth header and a
-- Name query string parameter are defined as identity sources, this value
-- is route.request.header.Auth, route.request.querystring.Name for
-- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
-- \$, for example, $request.header.Auth, $request.querystring.Name. These
-- parameters are used to perform runtime validation for Lambda-based
-- authorizers by verifying all of the identity-related request parameters
-- are present in the request, not null, and non-empty. Only when this is
-- true does the authorizer invoke the authorizer Lambda function.
-- Otherwise, it returns a 401 Unauthorized response without calling the
-- Lambda function. For HTTP APIs, identity sources are also used as the
-- cache key when caching is enabled. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- For JWT, a single entry that specifies where to extract the JSON Web
-- Token (JWT) from inbound requests. Currently only header-based and query
-- parameter-based selections are supported, for example
-- \$request.header.Authorization.
--
-- 'authorizerType', 'authorizer_authorizerType' - The authorizer type. Specify REQUEST for a Lambda function using
-- incoming request parameters. Specify JWT to use JSON Web Tokens
-- (supported only for HTTP APIs).
--
-- 'name', 'authorizer_name' - The name of the authorizer.
newAuthorizer ::
  -- | 'name'
  Prelude.Text ->
  Authorizer
newAuthorizer :: Text -> Authorizer
newAuthorizer Text
pName_ =
  Authorizer' :: Maybe Text
-> Maybe Text
-> Maybe Bool
-> Maybe Text
-> Maybe Text
-> Maybe JWTConfiguration
-> Maybe Text
-> Maybe Natural
-> Maybe [Text]
-> Maybe AuthorizerType
-> Text
-> Authorizer
Authorizer'
    { $sel:authorizerCredentialsArn:Authorizer' :: Maybe Text
authorizerCredentialsArn =
        Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:identityValidationExpression:Authorizer' :: Maybe Text
identityValidationExpression = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:enableSimpleResponses:Authorizer' :: Maybe Bool
enableSimpleResponses = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerUri:Authorizer' :: Maybe Text
authorizerUri = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerPayloadFormatVersion:Authorizer' :: Maybe Text
authorizerPayloadFormatVersion = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:jwtConfiguration:Authorizer' :: Maybe JWTConfiguration
jwtConfiguration = Maybe JWTConfiguration
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerId:Authorizer' :: Maybe Text
authorizerId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerResultTtlInSeconds:Authorizer' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
forall a. Maybe a
Prelude.Nothing,
      $sel:identitySource:Authorizer' :: Maybe [Text]
identitySource = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerType:Authorizer' :: Maybe AuthorizerType
authorizerType = Maybe AuthorizerType
forall a. Maybe a
Prelude.Nothing,
      $sel:name:Authorizer' :: Text
name = Text
pName_
    }

-- | Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, don\'t specify this parameter.
-- Supported only for REQUEST authorizers.
authorizer_authorizerCredentialsArn :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerCredentialsArn :: (Maybe Text -> f (Maybe Text)) -> Authorizer -> f Authorizer
authorizer_authorizerCredentialsArn = (Authorizer -> Maybe Text)
-> (Authorizer -> Maybe Text -> Authorizer)
-> Lens Authorizer Authorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
authorizerCredentialsArn :: Maybe Text
$sel:authorizerCredentialsArn:Authorizer' :: Authorizer -> Maybe Text
authorizerCredentialsArn} -> Maybe Text
authorizerCredentialsArn) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:authorizerCredentialsArn:Authorizer' :: Maybe Text
authorizerCredentialsArn = Maybe Text
a} :: Authorizer)

-- | The validation expression does not apply to the REQUEST authorizer.
authorizer_identityValidationExpression :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_identityValidationExpression :: (Maybe Text -> f (Maybe Text)) -> Authorizer -> f Authorizer
authorizer_identityValidationExpression = (Authorizer -> Maybe Text)
-> (Authorizer -> Maybe Text -> Authorizer)
-> Lens Authorizer Authorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
identityValidationExpression :: Maybe Text
$sel:identityValidationExpression:Authorizer' :: Authorizer -> Maybe Text
identityValidationExpression} -> Maybe Text
identityValidationExpression) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:identityValidationExpression:Authorizer' :: Maybe Text
identityValidationExpression = Maybe Text
a} :: Authorizer)

-- | Specifies whether a Lambda authorizer returns a response in a simple
-- format. If enabled, the Lambda authorizer can return a boolean value
-- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
-- see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
authorizer_enableSimpleResponses :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Bool)
authorizer_enableSimpleResponses :: (Maybe Bool -> f (Maybe Bool)) -> Authorizer -> f Authorizer
authorizer_enableSimpleResponses = (Authorizer -> Maybe Bool)
-> (Authorizer -> Maybe Bool -> Authorizer)
-> Lens Authorizer Authorizer (Maybe Bool) (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Bool
enableSimpleResponses :: Maybe Bool
$sel:enableSimpleResponses:Authorizer' :: Authorizer -> Maybe Bool
enableSimpleResponses} -> Maybe Bool
enableSimpleResponses) (\s :: Authorizer
s@Authorizer' {} Maybe Bool
a -> Authorizer
s {$sel:enableSimpleResponses:Authorizer' :: Maybe Bool
enableSimpleResponses = Maybe Bool
a} :: Authorizer)

-- | The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
-- authorizers, this must be a well-formed Lambda function URI, for
-- example,
-- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
-- In general, the URI has this form:
-- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
-- is the same as the region hosting the Lambda function, path indicates
-- that the remaining substring in the URI should be treated as the path to
-- the resource, including the initial \/. For Lambda functions, this is
-- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
-- Supported only for REQUEST authorizers.
authorizer_authorizerUri :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerUri :: (Maybe Text -> f (Maybe Text)) -> Authorizer -> f Authorizer
authorizer_authorizerUri = (Authorizer -> Maybe Text)
-> (Authorizer -> Maybe Text -> Authorizer)
-> Lens Authorizer Authorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
authorizerUri :: Maybe Text
$sel:authorizerUri:Authorizer' :: Authorizer -> Maybe Text
authorizerUri} -> Maybe Text
authorizerUri) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:authorizerUri:Authorizer' :: Maybe Text
authorizerUri = Maybe Text
a} :: Authorizer)

-- | Specifies the format of the payload sent to an HTTP API Lambda
-- authorizer. Required for HTTP API Lambda authorizers. Supported values
-- are 1.0 and 2.0. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
authorizer_authorizerPayloadFormatVersion :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerPayloadFormatVersion :: (Maybe Text -> f (Maybe Text)) -> Authorizer -> f Authorizer
authorizer_authorizerPayloadFormatVersion = (Authorizer -> Maybe Text)
-> (Authorizer -> Maybe Text -> Authorizer)
-> Lens Authorizer Authorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
authorizerPayloadFormatVersion :: Maybe Text
$sel:authorizerPayloadFormatVersion:Authorizer' :: Authorizer -> Maybe Text
authorizerPayloadFormatVersion} -> Maybe Text
authorizerPayloadFormatVersion) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:authorizerPayloadFormatVersion:Authorizer' :: Maybe Text
authorizerPayloadFormatVersion = Maybe Text
a} :: Authorizer)

-- | Represents the configuration of a JWT authorizer. Required for the JWT
-- authorizer type. Supported only for HTTP APIs.
authorizer_jwtConfiguration :: Lens.Lens' Authorizer (Prelude.Maybe JWTConfiguration)
authorizer_jwtConfiguration :: (Maybe JWTConfiguration -> f (Maybe JWTConfiguration))
-> Authorizer -> f Authorizer
authorizer_jwtConfiguration = (Authorizer -> Maybe JWTConfiguration)
-> (Authorizer -> Maybe JWTConfiguration -> Authorizer)
-> Lens
     Authorizer
     Authorizer
     (Maybe JWTConfiguration)
     (Maybe JWTConfiguration)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe JWTConfiguration
jwtConfiguration :: Maybe JWTConfiguration
$sel:jwtConfiguration:Authorizer' :: Authorizer -> Maybe JWTConfiguration
jwtConfiguration} -> Maybe JWTConfiguration
jwtConfiguration) (\s :: Authorizer
s@Authorizer' {} Maybe JWTConfiguration
a -> Authorizer
s {$sel:jwtConfiguration:Authorizer' :: Maybe JWTConfiguration
jwtConfiguration = Maybe JWTConfiguration
a} :: Authorizer)

-- | The authorizer identifier.
authorizer_authorizerId :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerId :: (Maybe Text -> f (Maybe Text)) -> Authorizer -> f Authorizer
authorizer_authorizerId = (Authorizer -> Maybe Text)
-> (Authorizer -> Maybe Text -> Authorizer)
-> Lens Authorizer Authorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
authorizerId :: Maybe Text
$sel:authorizerId:Authorizer' :: Authorizer -> Maybe Text
authorizerId} -> Maybe Text
authorizerId) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:authorizerId:Authorizer' :: Maybe Text
authorizerId = Maybe Text
a} :: Authorizer)

-- | The time to live (TTL) for cached authorizer results, in seconds. If it
-- equals 0, authorization caching is disabled. If it is greater than 0,
-- API Gateway caches authorizer responses. The maximum value is 3600, or 1
-- hour. Supported only for HTTP API Lambda authorizers.
authorizer_authorizerResultTtlInSeconds :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Natural)
authorizer_authorizerResultTtlInSeconds :: (Maybe Natural -> f (Maybe Natural)) -> Authorizer -> f Authorizer
authorizer_authorizerResultTtlInSeconds = (Authorizer -> Maybe Natural)
-> (Authorizer -> Maybe Natural -> Authorizer)
-> Lens Authorizer Authorizer (Maybe Natural) (Maybe Natural)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Natural
authorizerResultTtlInSeconds :: Maybe Natural
$sel:authorizerResultTtlInSeconds:Authorizer' :: Authorizer -> Maybe Natural
authorizerResultTtlInSeconds} -> Maybe Natural
authorizerResultTtlInSeconds) (\s :: Authorizer
s@Authorizer' {} Maybe Natural
a -> Authorizer
s {$sel:authorizerResultTtlInSeconds:Authorizer' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
a} :: Authorizer)

-- | The identity source for which authorization is requested.
--
-- For a REQUEST authorizer, this is optional. The value is a set of one or
-- more mapping expressions of the specified request parameters. The
-- identity source can be headers, query string parameters, stage
-- variables, and context parameters. For example, if an Auth header and a
-- Name query string parameter are defined as identity sources, this value
-- is route.request.header.Auth, route.request.querystring.Name for
-- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
-- \$, for example, $request.header.Auth, $request.querystring.Name. These
-- parameters are used to perform runtime validation for Lambda-based
-- authorizers by verifying all of the identity-related request parameters
-- are present in the request, not null, and non-empty. Only when this is
-- true does the authorizer invoke the authorizer Lambda function.
-- Otherwise, it returns a 401 Unauthorized response without calling the
-- Lambda function. For HTTP APIs, identity sources are also used as the
-- cache key when caching is enabled. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- For JWT, a single entry that specifies where to extract the JSON Web
-- Token (JWT) from inbound requests. Currently only header-based and query
-- parameter-based selections are supported, for example
-- \$request.header.Authorization.
authorizer_identitySource :: Lens.Lens' Authorizer (Prelude.Maybe [Prelude.Text])
authorizer_identitySource :: (Maybe [Text] -> f (Maybe [Text])) -> Authorizer -> f Authorizer
authorizer_identitySource = (Authorizer -> Maybe [Text])
-> (Authorizer -> Maybe [Text] -> Authorizer)
-> Lens Authorizer Authorizer (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe [Text]
identitySource :: Maybe [Text]
$sel:identitySource:Authorizer' :: Authorizer -> Maybe [Text]
identitySource} -> Maybe [Text]
identitySource) (\s :: Authorizer
s@Authorizer' {} Maybe [Text]
a -> Authorizer
s {$sel:identitySource:Authorizer' :: Maybe [Text]
identitySource = Maybe [Text]
a} :: Authorizer) ((Maybe [Text] -> f (Maybe [Text])) -> Authorizer -> f Authorizer)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> Authorizer
-> f Authorizer
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The authorizer type. Specify REQUEST for a Lambda function using
-- incoming request parameters. Specify JWT to use JSON Web Tokens
-- (supported only for HTTP APIs).
authorizer_authorizerType :: Lens.Lens' Authorizer (Prelude.Maybe AuthorizerType)
authorizer_authorizerType :: (Maybe AuthorizerType -> f (Maybe AuthorizerType))
-> Authorizer -> f Authorizer
authorizer_authorizerType = (Authorizer -> Maybe AuthorizerType)
-> (Authorizer -> Maybe AuthorizerType -> Authorizer)
-> Lens
     Authorizer Authorizer (Maybe AuthorizerType) (Maybe AuthorizerType)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe AuthorizerType
authorizerType :: Maybe AuthorizerType
$sel:authorizerType:Authorizer' :: Authorizer -> Maybe AuthorizerType
authorizerType} -> Maybe AuthorizerType
authorizerType) (\s :: Authorizer
s@Authorizer' {} Maybe AuthorizerType
a -> Authorizer
s {$sel:authorizerType:Authorizer' :: Maybe AuthorizerType
authorizerType = Maybe AuthorizerType
a} :: Authorizer)

-- | The name of the authorizer.
authorizer_name :: Lens.Lens' Authorizer Prelude.Text
authorizer_name :: (Text -> f Text) -> Authorizer -> f Authorizer
authorizer_name = (Authorizer -> Text)
-> (Authorizer -> Text -> Authorizer)
-> Lens Authorizer Authorizer Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Text
name :: Text
$sel:name:Authorizer' :: Authorizer -> Text
name} -> Text
name) (\s :: Authorizer
s@Authorizer' {} Text
a -> Authorizer
s {$sel:name:Authorizer' :: Text
name = Text
a} :: Authorizer)

instance Core.FromJSON Authorizer where
  parseJSON :: Value -> Parser Authorizer
parseJSON =
    String
-> (Object -> Parser Authorizer) -> Value -> Parser Authorizer
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"Authorizer"
      ( \Object
x ->
          Maybe Text
-> Maybe Text
-> Maybe Bool
-> Maybe Text
-> Maybe Text
-> Maybe JWTConfiguration
-> Maybe Text
-> Maybe Natural
-> Maybe [Text]
-> Maybe AuthorizerType
-> Text
-> Authorizer
Authorizer'
            (Maybe Text
 -> Maybe Text
 -> Maybe Bool
 -> Maybe Text
 -> Maybe Text
 -> Maybe JWTConfiguration
 -> Maybe Text
 -> Maybe Natural
 -> Maybe [Text]
 -> Maybe AuthorizerType
 -> Text
 -> Authorizer)
-> Parser (Maybe Text)
-> Parser
     (Maybe Text
      -> Maybe Bool
      -> Maybe Text
      -> Maybe Text
      -> Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Text
      -> Authorizer)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authorizerCredentialsArn")
            Parser
  (Maybe Text
   -> Maybe Bool
   -> Maybe Text
   -> Maybe Text
   -> Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Text
   -> Authorizer)
-> Parser (Maybe Text)
-> Parser
     (Maybe Bool
      -> Maybe Text
      -> Maybe Text
      -> Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Text
      -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"identityValidationExpression")
            Parser
  (Maybe Bool
   -> Maybe Text
   -> Maybe Text
   -> Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Text
   -> Authorizer)
-> Parser (Maybe Bool)
-> Parser
     (Maybe Text
      -> Maybe Text
      -> Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Text
      -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Bool)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"enableSimpleResponses")
            Parser
  (Maybe Text
   -> Maybe Text
   -> Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Text
   -> Authorizer)
-> Parser (Maybe Text)
-> Parser
     (Maybe Text
      -> Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Text
      -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authorizerUri")
            Parser
  (Maybe Text
   -> Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Text
   -> Authorizer)
-> Parser (Maybe Text)
-> Parser
     (Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Text
      -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authorizerPayloadFormatVersion")
            Parser
  (Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Text
   -> Authorizer)
-> Parser (Maybe JWTConfiguration)
-> Parser
     (Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Text
      -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe JWTConfiguration)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"jwtConfiguration")
            Parser
  (Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Text
   -> Authorizer)
-> Parser (Maybe Text)
-> Parser
     (Maybe Natural
      -> Maybe [Text] -> Maybe AuthorizerType -> Text -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authorizerId")
            Parser
  (Maybe Natural
   -> Maybe [Text] -> Maybe AuthorizerType -> Text -> Authorizer)
-> Parser (Maybe Natural)
-> Parser
     (Maybe [Text] -> Maybe AuthorizerType -> Text -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Natural)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authorizerResultTtlInSeconds")
            Parser (Maybe [Text] -> Maybe AuthorizerType -> Text -> Authorizer)
-> Parser (Maybe [Text])
-> Parser (Maybe AuthorizerType -> Text -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe (Maybe [Text]))
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"identitySource" Parser (Maybe (Maybe [Text]))
-> Maybe [Text] -> Parser (Maybe [Text])
forall a. Parser (Maybe a) -> a -> Parser a
Core..!= Maybe [Text]
forall a. Monoid a => a
Prelude.mempty)
            Parser (Maybe AuthorizerType -> Text -> Authorizer)
-> Parser (Maybe AuthorizerType) -> Parser (Text -> Authorizer)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe AuthorizerType)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authorizerType")
            Parser (Text -> Authorizer) -> Parser Text -> Parser Authorizer
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser Text
forall a. FromJSON a => Object -> Text -> Parser a
Core..: Text
"name")
      )

instance Prelude.Hashable Authorizer

instance Prelude.NFData Authorizer