Class CreateAuthorizerResponse
- All Implemented Interfaces:
SdkPojo
,ToCopyableBuilder<CreateAuthorizerResponse.Builder,
CreateAuthorizerResponse>
Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.
-
Nested Class Summary
-
Method Summary
Modifier and TypeMethodDescriptionfinal String
Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.final Integer
The TTL in seconds of cached authorizer results.final String
Specifies the authorizer's Uniform Resource Identifier (URI).final String
authType()
Optional customer-defined field, used in OpenAPI imports and exports without functional impact.builder()
final boolean
final boolean
equalsBySdkFields
(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.final <T> Optional
<T> getValueForField
(String fieldName, Class<T> clazz) Used to retrieve the value of a field from any class that extendsSdkResponse
.final int
hashCode()
final boolean
For responses, this returns true if the service returned a value for the ProviderARNs property.final String
id()
The identifier for the authorizer resource.final String
The identity source for which authorization is requested.final String
A validation expression for the incoming identity token.final String
name()
The name of the authorizer.A list of the Amazon Cognito user pool ARNs for theCOGNITO_USER_POOLS
authorizer.static Class
<? extends CreateAuthorizerResponse.Builder> Take this object and create a builder that contains all of the current property values of this object.final String
toString()
Returns a string representation of this object.final AuthorizerType
type()
The authorizer type.final String
The authorizer type.Methods inherited from class software.amazon.awssdk.services.apigateway.model.ApiGatewayResponse
responseMetadata
Methods inherited from class software.amazon.awssdk.core.SdkResponse
sdkHttpResponse
Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
id
The identifier for the authorizer resource.
- Returns:
- The identifier for the authorizer resource.
-
name
The name of the authorizer.
- Returns:
- The name of the authorizer.
-
type
The authorizer type. Valid values are
TOKEN
for a Lambda function using a single authorization token submitted in a custom header,REQUEST
for a Lambda function using incoming request parameters, andCOGNITO_USER_POOLS
for using an Amazon Cognito user pool.If the service returns an enum value that is not available in the current SDK version,
type
will returnAuthorizerType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromtypeAsString()
.- Returns:
- The authorizer type. Valid values are
TOKEN
for a Lambda function using a single authorization token submitted in a custom header,REQUEST
for a Lambda function using incoming request parameters, andCOGNITO_USER_POOLS
for using an Amazon Cognito user pool. - See Also:
-
typeAsString
The authorizer type. Valid values are
TOKEN
for a Lambda function using a single authorization token submitted in a custom header,REQUEST
for a Lambda function using incoming request parameters, andCOGNITO_USER_POOLS
for using an Amazon Cognito user pool.If the service returns an enum value that is not available in the current SDK version,
type
will returnAuthorizerType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromtypeAsString()
.- Returns:
- The authorizer type. Valid values are
TOKEN
for a Lambda function using a single authorization token submitted in a custom header,REQUEST
for a Lambda function using incoming request parameters, andCOGNITO_USER_POOLS
for using an Amazon Cognito user pool. - See Also:
-
hasProviderARNs
public final boolean hasProviderARNs()For responses, this returns true if the service returned a value for the ProviderARNs property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
providerARNs
A list of the Amazon Cognito user pool ARNs for the
COGNITO_USER_POOLS
authorizer. Each element is of this format:arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}
. For aTOKEN
orREQUEST
authorizer, this is not defined.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasProviderARNs()
method.- Returns:
- A list of the Amazon Cognito user pool ARNs for the
COGNITO_USER_POOLS
authorizer. Each element is of this format:arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}
. For aTOKEN
orREQUEST
authorizer, this is not defined.
-
authType
Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
- Returns:
- Optional customer-defined field, used in OpenAPI imports and exports without functional impact.
-
authorizerUri
Specifies the authorizer's Uniform Resource Identifier (URI). For
TOKEN
orREQUEST
authorizers, this must be a well-formed Lambda function URI, for example,arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
. In general, the URI has this formarn:aws:apigateway:{region}:lambda:path/{service_api}
, where{region}
is the same as the region hosting the Lambda function,path
indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial/
. For Lambda functions, this is usually of the form/2015-03-31/functions/[FunctionARN]/invocations
.- Returns:
- Specifies the authorizer's Uniform Resource Identifier (URI). For
TOKEN
orREQUEST
authorizers, this must be a well-formed Lambda function URI, for example,arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations
. In general, the URI has this formarn:aws:apigateway:{region}:lambda:path/{service_api}
, where{region}
is the same as the region hosting the Lambda function,path
indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial/
. For Lambda functions, this is usually of the form/2015-03-31/functions/[FunctionARN]/invocations
.
-
authorizerCredentials
Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.
- Returns:
- Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.
-
identitySource
The identity source for which authorization is requested. For a
TOKEN
orCOGNITO_USER_POOLS
authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name isAuth
, the header mapping expression ismethod.request.header.Auth
. For theREQUEST
authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if anAuth
header, aName
query string parameter are defined as identity sources, this value ismethod.request.header.Auth
,method.request.querystring.Name
. These parameters will be used to derive the authorization caching key and to perform runtime validation of theREQUEST
authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.- Returns:
- The identity source for which authorization is requested. For a
TOKEN
orCOGNITO_USER_POOLS
authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name isAuth
, the header mapping expression ismethod.request.header.Auth
. For theREQUEST
authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if anAuth
header, aName
query string parameter are defined as identity sources, this value ismethod.request.header.Auth
,method.request.querystring.Name
. These parameters will be used to derive the authorization caching key and to perform runtime validation of theREQUEST
authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.
-
identityValidationExpression
A validation expression for the incoming identity token. For
TOKEN
authorizers, this value is a regular expression. ForCOGNITO_USER_POOLS
authorizers, API Gateway will match theaud
field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to theREQUEST
authorizer.- Returns:
- A validation expression for the incoming identity token. For
TOKEN
authorizers, this value is a regular expression. ForCOGNITO_USER_POOLS
authorizers, API Gateway will match theaud
field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to theREQUEST
authorizer.
-
authorizerResultTtlInSeconds
The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.
- Returns:
- The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.
-
toBuilder
Description copied from interface:ToCopyableBuilder
Take this object and create a builder that contains all of the current property values of this object.- Specified by:
toBuilder
in interfaceToCopyableBuilder<CreateAuthorizerResponse.Builder,
CreateAuthorizerResponse> - Specified by:
toBuilder
in classAwsResponse
- Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
public final int hashCode()- Overrides:
hashCode
in classAwsResponse
-
equals
- Overrides:
equals
in classAwsResponse
-
equalsBySdkFields
Description copied from interface:SdkPojo
Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in anSdkPojo
class, and is generated based on a service model.If an
SdkPojo
class does not have any inherited fields,equalsBySdkFields
andequals
are essentially the same.- Specified by:
equalsBySdkFields
in interfaceSdkPojo
- Parameters:
obj
- the object to be compared with- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value. -
getValueForField
Description copied from class:SdkResponse
Used to retrieve the value of a field from any class that extendsSdkResponse
. The field name specified should match the member name from the corresponding service-2.json model specified in the codegen-resources folder for a given service. The class specifies what class to cast the returned value to. If the returned value is also a modeled class, theSdkResponse.getValueForField(String, Class)
method will again be available.- Overrides:
getValueForField
in classSdkResponse
- Parameters:
fieldName
- The name of the member to be retrieved.clazz
- The class to cast the returned object to.- Returns:
- Optional containing the casted return value
-
sdkFields
-