The objective in this article: create a simple Authorizer Function that checks the Client Secret passed in API calls and allows or denies requests based on whether the correct Client Secret is included. The Authorizer Function does a little more than simply accept or deny: when it accepts, it also returns a token object that becomes part of the request sent to the real backend.
1. Create a Function with Fn (in any runtime language, for example Java, Go or Node) – that returns HTTP 200 in case of success or 5xx in case of failure. The response body in case of success has a prescribed format.
2. Deploy the Function to an OCI environment
3. Make sure the API Gateway has access to the Function
4. Configure a Request Policy – on either the API Deployment or a specific Route within an API Deployment – of type Authentication and associated with the Authorizer Function.
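The decision logic behind step 1, as an added Node example that is not the article's own code: it compares the presented Client Secret in constant time, fails closed when the function is misconfigured, and returns a short-lived token object on accept. The input shape (`type`, `token`), the response field names (`active`, `principal`, `scope`, `expiresAt`, `context`) and the configuration keys `CLIENT_SECRET` and `TTL_SECONDS` are assumptions, since the page does not spell out the prescribed format.

```javascript
// Added example: decision logic for a client-secret authorizer function.
const nodeCrypto = require("crypto");

// Hash both values so timingSafeEqual always receives equal-length buffers and
// the comparison time does not depend on how many characters match.
function secretsMatch(presented, expected) {
  const digest = (s) => nodeCrypto.createHash("sha256").update(String(s), "utf8").digest();
  return nodeCrypto.timingSafeEqual(digest(presented), digest(expected));
}

// input:  assumed shape { type: "TOKEN", token: "<client secret from the request>" }
// config: hypothetical function configuration { CLIENT_SECRET, TTL_SECONDS }
// Returns { status, body } following the page's contract: 200 plus a token
// object on accept, 5xx on anything else (fail closed).
function authorize(input, config, now = new Date()) {
  const expected = config && config.CLIENT_SECRET;
  if (typeof expected !== "string" || expected.length === 0) {
    return { status: 500, body: null }; // misconfigured: never accept by default
  }
  const presented = input && typeof input.token === "string" ? input.token : "";
  if (presented.length === 0 || !secretsMatch(presented, expected)) {
    return { status: 500, body: null }; // no detail about why it failed
  }
  const ttl = Number(config.TTL_SECONDS) > 0 ? Number(config.TTL_SECONDS) : 60;
  return {
    status: 200,
    body: {
      active: true,
      principal: "api-client", // constructed value
      scope: ["read"], // constructed value
      expiresAt: new Date(now.getTime() + ttl * 1000).toISOString(),
      context: { authorizedBy: "client-secret" }, // passed on toward the backend
    },
  };
}

// Constructed sample calls; the secret is a placeholder, not a real one.
const cfg = { CLIENT_SECRET: "example-secret-123", TTL_SECONDS: "120" };
const t0 = new Date("2020-01-01T00:00:00Z");
console.log(authorize({ type: "TOKEN", token: "example-secret-123" }, cfg, t0));
console.log(authorize({ type: "TOKEN", token: "wrong" }, cfg, t0).status);
```

In a deployed function the secret would come from the function's configuration or a vault rather than from source code, and a short `expiresAt` limits how long an accepted result stays valid.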