{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ApiGatewayV2.Types.Authorizer
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ApiGatewayV2.Types.Authorizer where

import Amazonka.ApiGatewayV2.Types.AuthorizerType
import Amazonka.ApiGatewayV2.Types.JWTConfiguration
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude

-- | Represents an authorizer.
--
-- /See:/ 'newAuthorizer' smart constructor.
data Authorizer = Authorizer'
  { -- | Specifies the required credentials as an IAM role for API Gateway to
    -- invoke the authorizer. To specify an IAM role for API Gateway to assume,
    -- use the role\'s Amazon Resource Name (ARN). To use resource-based
    -- permissions on the Lambda function, don\'t specify this parameter.
    -- Supported only for REQUEST authorizers.
    Authorizer -> Maybe Text
authorizerCredentialsArn :: Prelude.Maybe Prelude.Text,
    -- | The authorizer identifier.
    Authorizer -> Maybe Text
authorizerId :: Prelude.Maybe Prelude.Text,
    -- | Specifies the format of the payload sent to an HTTP API Lambda
    -- authorizer. Required for HTTP API Lambda authorizers. Supported values
    -- are 1.0 and 2.0. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
    Authorizer -> Maybe Text
authorizerPayloadFormatVersion :: Prelude.Maybe Prelude.Text,
    -- | The time to live (TTL) for cached authorizer results, in seconds. If it
    -- equals 0, authorization caching is disabled. If it is greater than 0,
    -- API Gateway caches authorizer responses. The maximum value is 3600, or 1
    -- hour. Supported only for HTTP API Lambda authorizers.
    Authorizer -> Maybe Natural
authorizerResultTtlInSeconds :: Prelude.Maybe Prelude.Natural,
    -- | The authorizer type. Specify REQUEST for a Lambda function using
    -- incoming request parameters. Specify JWT to use JSON Web Tokens
    -- (supported only for HTTP APIs).
    Authorizer -> Maybe AuthorizerType
authorizerType :: Prelude.Maybe AuthorizerType,
    -- | The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
    -- authorizers, this must be a well-formed Lambda function URI, for
    -- example,
    -- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
    -- In general, the URI has this form:
    -- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
    -- is the same as the region hosting the Lambda function, path indicates
    -- that the remaining substring in the URI should be treated as the path to
    -- the resource, including the initial \/. For Lambda functions, this is
    -- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
    -- Supported only for REQUEST authorizers.
    Authorizer -> Maybe Text
authorizerUri :: Prelude.Maybe Prelude.Text,
    -- | Specifies whether a Lambda authorizer returns a response in a simple
    -- format. If enabled, the Lambda authorizer can return a boolean value
    -- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
    -- see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
    Authorizer -> Maybe Bool
enableSimpleResponses :: Prelude.Maybe Prelude.Bool,
    -- | The identity source for which authorization is requested.
    --
    -- For a REQUEST authorizer, this is optional. The value is a set of one or
    -- more mapping expressions of the specified request parameters. The
    -- identity source can be headers, query string parameters, stage
    -- variables, and context parameters. For example, if an Auth header and a
    -- Name query string parameter are defined as identity sources, this value
    -- is route.request.header.Auth, route.request.querystring.Name for
    -- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
    -- \$, for example, $request.header.Auth, $request.querystring.Name. These
    -- parameters are used to perform runtime validation for Lambda-based
    -- authorizers by verifying all of the identity-related request parameters
    -- are present in the request, not null, and non-empty. Only when this is
    -- true does the authorizer invoke the authorizer Lambda function.
    -- Otherwise, it returns a 401 Unauthorized response without calling the
    -- Lambda function. For HTTP APIs, identity sources are also used as the
    -- cache key when caching is enabled. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
    --
    -- For JWT, a single entry that specifies where to extract the JSON Web
    -- Token (JWT) from inbound requests. Currently only header-based and query
    -- parameter-based selections are supported, for example
    -- \$request.header.Authorization.
    Authorizer -> Maybe [Text]
identitySource :: Prelude.Maybe [Prelude.Text],
    -- | The validation expression does not apply to the REQUEST authorizer.
    Authorizer -> Maybe Text
identityValidationExpression :: Prelude.Maybe Prelude.Text,
    -- | Represents the configuration of a JWT authorizer. Required for the JWT
    -- authorizer type. Supported only for HTTP APIs.
    Authorizer -> Maybe JWTConfiguration
jwtConfiguration :: Prelude.Maybe JWTConfiguration,
    -- | The name of the authorizer.
    Authorizer -> Text
name :: Prelude.Text
  }
  deriving (Authorizer -> Authorizer -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: Authorizer -> Authorizer -> Bool
$c/= :: Authorizer -> Authorizer -> Bool
== :: Authorizer -> Authorizer -> Bool
$c== :: Authorizer -> Authorizer -> Bool
Prelude.Eq, ReadPrec [Authorizer]
ReadPrec Authorizer
Int -> ReadS Authorizer
ReadS [Authorizer]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [Authorizer]
$creadListPrec :: ReadPrec [Authorizer]
readPrec :: ReadPrec Authorizer
$creadPrec :: ReadPrec Authorizer
readList :: ReadS [Authorizer]
$creadList :: ReadS [Authorizer]
readsPrec :: Int -> ReadS Authorizer
$creadsPrec :: Int -> ReadS Authorizer
Prelude.Read, Int -> Authorizer -> ShowS
[Authorizer] -> ShowS
Authorizer -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [Authorizer] -> ShowS
$cshowList :: [Authorizer] -> ShowS
show :: Authorizer -> String
$cshow :: Authorizer -> String
showsPrec :: Int -> Authorizer -> ShowS
$cshowsPrec :: Int -> Authorizer -> ShowS
Prelude.Show, forall x. Rep Authorizer x -> Authorizer
forall x. Authorizer -> Rep Authorizer x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep Authorizer x -> Authorizer
$cfrom :: forall x. Authorizer -> Rep Authorizer x
Prelude.Generic)

-- |
-- Create a value of 'Authorizer' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'authorizerCredentialsArn', 'authorizer_authorizerCredentialsArn' - Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, don\'t specify this parameter.
-- Supported only for REQUEST authorizers.
--
-- 'authorizerId', 'authorizer_authorizerId' - The authorizer identifier.
--
-- 'authorizerPayloadFormatVersion', 'authorizer_authorizerPayloadFormatVersion' - Specifies the format of the payload sent to an HTTP API Lambda
-- authorizer. Required for HTTP API Lambda authorizers. Supported values
-- are 1.0 and 2.0. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- 'authorizerResultTtlInSeconds', 'authorizer_authorizerResultTtlInSeconds' - The time to live (TTL) for cached authorizer results, in seconds. If it
-- equals 0, authorization caching is disabled. If it is greater than 0,
-- API Gateway caches authorizer responses. The maximum value is 3600, or 1
-- hour. Supported only for HTTP API Lambda authorizers.
--
-- 'authorizerType', 'authorizer_authorizerType' - The authorizer type. Specify REQUEST for a Lambda function using
-- incoming request parameters. Specify JWT to use JSON Web Tokens
-- (supported only for HTTP APIs).
--
-- 'authorizerUri', 'authorizer_authorizerUri' - The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
-- authorizers, this must be a well-formed Lambda function URI, for
-- example,
-- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
-- In general, the URI has this form:
-- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
-- is the same as the region hosting the Lambda function, path indicates
-- that the remaining substring in the URI should be treated as the path to
-- the resource, including the initial \/. For Lambda functions, this is
-- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
-- Supported only for REQUEST authorizers.
--
-- 'enableSimpleResponses', 'authorizer_enableSimpleResponses' - Specifies whether a Lambda authorizer returns a response in a simple
-- format. If enabled, the Lambda authorizer can return a boolean value
-- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
-- see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
--
-- 'identitySource', 'authorizer_identitySource' - The identity source for which authorization is requested.
--
-- For a REQUEST authorizer, this is optional. The value is a set of one or
-- more mapping expressions of the specified request parameters. The
-- identity source can be headers, query string parameters, stage
-- variables, and context parameters. For example, if an Auth header and a
-- Name query string parameter are defined as identity sources, this value
-- is route.request.header.Auth, route.request.querystring.Name for
-- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
-- \$, for example, $request.header.Auth, $request.querystring.Name. These
-- parameters are used to perform runtime validation for Lambda-based
-- authorizers by verifying all of the identity-related request parameters
-- are present in the request, not null, and non-empty. Only when this is
-- true does the authorizer invoke the authorizer Lambda function.
-- Otherwise, it returns a 401 Unauthorized response without calling the
-- Lambda function. For HTTP APIs, identity sources are also used as the
-- cache key when caching is enabled. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- For JWT, a single entry that specifies where to extract the JSON Web
-- Token (JWT) from inbound requests. Currently only header-based and query
-- parameter-based selections are supported, for example
-- \$request.header.Authorization.
--
-- 'identityValidationExpression', 'authorizer_identityValidationExpression' - The validation expression does not apply to the REQUEST authorizer.
--
-- 'jwtConfiguration', 'authorizer_jwtConfiguration' - Represents the configuration of a JWT authorizer. Required for the JWT
-- authorizer type. Supported only for HTTP APIs.
--
-- 'name', 'authorizer_name' - The name of the authorizer.
newAuthorizer ::
  -- | 'name'
  Prelude.Text ->
  Authorizer
newAuthorizer :: Text -> Authorizer
newAuthorizer Text
pName_ =
  Authorizer'
    { $sel:authorizerCredentialsArn:Authorizer' :: Maybe Text
authorizerCredentialsArn =
        forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerId:Authorizer' :: Maybe Text
authorizerId = forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerPayloadFormatVersion:Authorizer' :: Maybe Text
authorizerPayloadFormatVersion = forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerResultTtlInSeconds:Authorizer' :: Maybe Natural
authorizerResultTtlInSeconds = forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerType:Authorizer' :: Maybe AuthorizerType
authorizerType = forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerUri:Authorizer' :: Maybe Text
authorizerUri = forall a. Maybe a
Prelude.Nothing,
      $sel:enableSimpleResponses:Authorizer' :: Maybe Bool
enableSimpleResponses = forall a. Maybe a
Prelude.Nothing,
      $sel:identitySource:Authorizer' :: Maybe [Text]
identitySource = forall a. Maybe a
Prelude.Nothing,
      $sel:identityValidationExpression:Authorizer' :: Maybe Text
identityValidationExpression = forall a. Maybe a
Prelude.Nothing,
      $sel:jwtConfiguration:Authorizer' :: Maybe JWTConfiguration
jwtConfiguration = forall a. Maybe a
Prelude.Nothing,
      $sel:name:Authorizer' :: Text
name = Text
pName_
    }

-- | Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, don\'t specify this parameter.
-- Supported only for REQUEST authorizers.
authorizer_authorizerCredentialsArn :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerCredentialsArn :: Lens' Authorizer (Maybe Text)
authorizer_authorizerCredentialsArn = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
authorizerCredentialsArn :: Maybe Text
$sel:authorizerCredentialsArn:Authorizer' :: Authorizer -> Maybe Text
authorizerCredentialsArn} -> Maybe Text
authorizerCredentialsArn) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:authorizerCredentialsArn:Authorizer' :: Maybe Text
authorizerCredentialsArn = Maybe Text
a} :: Authorizer)

-- | The authorizer identifier.
authorizer_authorizerId :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerId :: Lens' Authorizer (Maybe Text)
authorizer_authorizerId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
authorizerId :: Maybe Text
$sel:authorizerId:Authorizer' :: Authorizer -> Maybe Text
authorizerId} -> Maybe Text
authorizerId) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:authorizerId:Authorizer' :: Maybe Text
authorizerId = Maybe Text
a} :: Authorizer)

-- | Specifies the format of the payload sent to an HTTP API Lambda
-- authorizer. Required for HTTP API Lambda authorizers. Supported values
-- are 1.0 and 2.0. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
authorizer_authorizerPayloadFormatVersion :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerPayloadFormatVersion :: Lens' Authorizer (Maybe Text)
authorizer_authorizerPayloadFormatVersion = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
authorizerPayloadFormatVersion :: Maybe Text
$sel:authorizerPayloadFormatVersion:Authorizer' :: Authorizer -> Maybe Text
authorizerPayloadFormatVersion} -> Maybe Text
authorizerPayloadFormatVersion) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:authorizerPayloadFormatVersion:Authorizer' :: Maybe Text
authorizerPayloadFormatVersion = Maybe Text
a} :: Authorizer)

-- | The time to live (TTL) for cached authorizer results, in seconds. If it
-- equals 0, authorization caching is disabled. If it is greater than 0,
-- API Gateway caches authorizer responses. The maximum value is 3600, or 1
-- hour. Supported only for HTTP API Lambda authorizers.
authorizer_authorizerResultTtlInSeconds :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Natural)
authorizer_authorizerResultTtlInSeconds :: Lens' Authorizer (Maybe Natural)
authorizer_authorizerResultTtlInSeconds = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Natural
authorizerResultTtlInSeconds :: Maybe Natural
$sel:authorizerResultTtlInSeconds:Authorizer' :: Authorizer -> Maybe Natural
authorizerResultTtlInSeconds} -> Maybe Natural
authorizerResultTtlInSeconds) (\s :: Authorizer
s@Authorizer' {} Maybe Natural
a -> Authorizer
s {$sel:authorizerResultTtlInSeconds:Authorizer' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
a} :: Authorizer)

-- | The authorizer type. Specify REQUEST for a Lambda function using
-- incoming request parameters. Specify JWT to use JSON Web Tokens
-- (supported only for HTTP APIs).
authorizer_authorizerType :: Lens.Lens' Authorizer (Prelude.Maybe AuthorizerType)
authorizer_authorizerType :: Lens' Authorizer (Maybe AuthorizerType)
authorizer_authorizerType = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe AuthorizerType
authorizerType :: Maybe AuthorizerType
$sel:authorizerType:Authorizer' :: Authorizer -> Maybe AuthorizerType
authorizerType} -> Maybe AuthorizerType
authorizerType) (\s :: Authorizer
s@Authorizer' {} Maybe AuthorizerType
a -> Authorizer
s {$sel:authorizerType:Authorizer' :: Maybe AuthorizerType
authorizerType = Maybe AuthorizerType
a} :: Authorizer)

-- | The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
-- authorizers, this must be a well-formed Lambda function URI, for
-- example,
-- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
-- In general, the URI has this form:
-- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
-- is the same as the region hosting the Lambda function, path indicates
-- that the remaining substring in the URI should be treated as the path to
-- the resource, including the initial \/. For Lambda functions, this is
-- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
-- Supported only for REQUEST authorizers.
authorizer_authorizerUri :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_authorizerUri :: Lens' Authorizer (Maybe Text)
authorizer_authorizerUri = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
authorizerUri :: Maybe Text
$sel:authorizerUri:Authorizer' :: Authorizer -> Maybe Text
authorizerUri} -> Maybe Text
authorizerUri) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:authorizerUri:Authorizer' :: Maybe Text
authorizerUri = Maybe Text
a} :: Authorizer)

-- | Specifies whether a Lambda authorizer returns a response in a simple
-- format. If enabled, the Lambda authorizer can return a boolean value
-- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
-- see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
authorizer_enableSimpleResponses :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Bool)
authorizer_enableSimpleResponses :: Lens' Authorizer (Maybe Bool)
authorizer_enableSimpleResponses = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Bool
enableSimpleResponses :: Maybe Bool
$sel:enableSimpleResponses:Authorizer' :: Authorizer -> Maybe Bool
enableSimpleResponses} -> Maybe Bool
enableSimpleResponses) (\s :: Authorizer
s@Authorizer' {} Maybe Bool
a -> Authorizer
s {$sel:enableSimpleResponses:Authorizer' :: Maybe Bool
enableSimpleResponses = Maybe Bool
a} :: Authorizer)

-- | The identity source for which authorization is requested.
--
-- For a REQUEST authorizer, this is optional. The value is a set of one or
-- more mapping expressions of the specified request parameters. The
-- identity source can be headers, query string parameters, stage
-- variables, and context parameters. For example, if an Auth header and a
-- Name query string parameter are defined as identity sources, this value
-- is route.request.header.Auth, route.request.querystring.Name for
-- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
-- \$, for example, $request.header.Auth, $request.querystring.Name. These
-- parameters are used to perform runtime validation for Lambda-based
-- authorizers by verifying all of the identity-related request parameters
-- are present in the request, not null, and non-empty. Only when this is
-- true does the authorizer invoke the authorizer Lambda function.
-- Otherwise, it returns a 401 Unauthorized response without calling the
-- Lambda function. For HTTP APIs, identity sources are also used as the
-- cache key when caching is enabled. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- For JWT, a single entry that specifies where to extract the JSON Web
-- Token (JWT) from inbound requests. Currently only header-based and query
-- parameter-based selections are supported, for example
-- \$request.header.Authorization.
authorizer_identitySource :: Lens.Lens' Authorizer (Prelude.Maybe [Prelude.Text])
authorizer_identitySource :: Lens' Authorizer (Maybe [Text])
authorizer_identitySource = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe [Text]
identitySource :: Maybe [Text]
$sel:identitySource:Authorizer' :: Authorizer -> Maybe [Text]
identitySource} -> Maybe [Text]
identitySource) (\s :: Authorizer
s@Authorizer' {} Maybe [Text]
a -> Authorizer
s {$sel:identitySource:Authorizer' :: Maybe [Text]
identitySource = Maybe [Text]
a} :: Authorizer) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The validation expression does not apply to the REQUEST authorizer.
authorizer_identityValidationExpression :: Lens.Lens' Authorizer (Prelude.Maybe Prelude.Text)
authorizer_identityValidationExpression :: Lens' Authorizer (Maybe Text)
authorizer_identityValidationExpression = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe Text
identityValidationExpression :: Maybe Text
$sel:identityValidationExpression:Authorizer' :: Authorizer -> Maybe Text
identityValidationExpression} -> Maybe Text
identityValidationExpression) (\s :: Authorizer
s@Authorizer' {} Maybe Text
a -> Authorizer
s {$sel:identityValidationExpression:Authorizer' :: Maybe Text
identityValidationExpression = Maybe Text
a} :: Authorizer)

-- | Represents the configuration of a JWT authorizer. Required for the JWT
-- authorizer type. Supported only for HTTP APIs.
authorizer_jwtConfiguration :: Lens.Lens' Authorizer (Prelude.Maybe JWTConfiguration)
authorizer_jwtConfiguration :: Lens' Authorizer (Maybe JWTConfiguration)
authorizer_jwtConfiguration = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Maybe JWTConfiguration
jwtConfiguration :: Maybe JWTConfiguration
$sel:jwtConfiguration:Authorizer' :: Authorizer -> Maybe JWTConfiguration
jwtConfiguration} -> Maybe JWTConfiguration
jwtConfiguration) (\s :: Authorizer
s@Authorizer' {} Maybe JWTConfiguration
a -> Authorizer
s {$sel:jwtConfiguration:Authorizer' :: Maybe JWTConfiguration
jwtConfiguration = Maybe JWTConfiguration
a} :: Authorizer)

-- | The name of the authorizer.
authorizer_name :: Lens.Lens' Authorizer Prelude.Text
authorizer_name :: Lens' Authorizer Text
authorizer_name = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Authorizer' {Text
name :: Text
$sel:name:Authorizer' :: Authorizer -> Text
name} -> Text
name) (\s :: Authorizer
s@Authorizer' {} Text
a -> Authorizer
s {$sel:name:Authorizer' :: Text
name = Text
a} :: Authorizer)

instance Data.FromJSON Authorizer where
  parseJSON :: Value -> Parser Authorizer
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"Authorizer"
      ( \Object
x ->
          Maybe Text
-> Maybe Text
-> Maybe Text
-> Maybe Natural
-> Maybe AuthorizerType
-> Maybe Text
-> Maybe Bool
-> Maybe [Text]
-> Maybe Text
-> Maybe JWTConfiguration
-> Text
-> Authorizer
Authorizer'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"authorizerCredentialsArn")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"authorizerId")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"authorizerPayloadFormatVersion")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"authorizerResultTtlInSeconds")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"authorizerType")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"authorizerUri")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"enableSimpleResponses")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"identitySource" forall a. Parser (Maybe a) -> a -> Parser a
Data..!= forall a. Monoid a => a
Prelude.mempty)
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"identityValidationExpression")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"jwtConfiguration")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser a
Data..: Key
"name")
      )

instance Prelude.Hashable Authorizer where
  hashWithSalt :: Int -> Authorizer -> Int
hashWithSalt Int
_salt Authorizer' {Maybe Bool
Maybe Natural
Maybe [Text]
Maybe Text
Maybe AuthorizerType
Maybe JWTConfiguration
Text
name :: Text
jwtConfiguration :: Maybe JWTConfiguration
identityValidationExpression :: Maybe Text
identitySource :: Maybe [Text]
enableSimpleResponses :: Maybe Bool
authorizerUri :: Maybe Text
authorizerType :: Maybe AuthorizerType
authorizerResultTtlInSeconds :: Maybe Natural
authorizerPayloadFormatVersion :: Maybe Text
authorizerId :: Maybe Text
authorizerCredentialsArn :: Maybe Text
$sel:name:Authorizer' :: Authorizer -> Text
$sel:jwtConfiguration:Authorizer' :: Authorizer -> Maybe JWTConfiguration
$sel:identityValidationExpression:Authorizer' :: Authorizer -> Maybe Text
$sel:identitySource:Authorizer' :: Authorizer -> Maybe [Text]
$sel:enableSimpleResponses:Authorizer' :: Authorizer -> Maybe Bool
$sel:authorizerUri:Authorizer' :: Authorizer -> Maybe Text
$sel:authorizerType:Authorizer' :: Authorizer -> Maybe AuthorizerType
$sel:authorizerResultTtlInSeconds:Authorizer' :: Authorizer -> Maybe Natural
$sel:authorizerPayloadFormatVersion:Authorizer' :: Authorizer -> Maybe Text
$sel:authorizerId:Authorizer' :: Authorizer -> Maybe Text
$sel:authorizerCredentialsArn:Authorizer' :: Authorizer -> Maybe Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
authorizerCredentialsArn
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
authorizerId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
authorizerPayloadFormatVersion
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Natural
authorizerResultTtlInSeconds
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe AuthorizerType
authorizerType
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
authorizerUri
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Bool
enableSimpleResponses
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [Text]
identitySource
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
identityValidationExpression
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe JWTConfiguration
jwtConfiguration
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
name

instance Prelude.NFData Authorizer where
  rnf :: Authorizer -> ()
rnf Authorizer' {Maybe Bool
Maybe Natural
Maybe [Text]
Maybe Text
Maybe AuthorizerType
Maybe JWTConfiguration
Text
name :: Text
jwtConfiguration :: Maybe JWTConfiguration
identityValidationExpression :: Maybe Text
identitySource :: Maybe [Text]
enableSimpleResponses :: Maybe Bool
authorizerUri :: Maybe Text
authorizerType :: Maybe AuthorizerType
authorizerResultTtlInSeconds :: Maybe Natural
authorizerPayloadFormatVersion :: Maybe Text
authorizerId :: Maybe Text
authorizerCredentialsArn :: Maybe Text
$sel:name:Authorizer' :: Authorizer -> Text
$sel:jwtConfiguration:Authorizer' :: Authorizer -> Maybe JWTConfiguration
$sel:identityValidationExpression:Authorizer' :: Authorizer -> Maybe Text
$sel:identitySource:Authorizer' :: Authorizer -> Maybe [Text]
$sel:enableSimpleResponses:Authorizer' :: Authorizer -> Maybe Bool
$sel:authorizerUri:Authorizer' :: Authorizer -> Maybe Text
$sel:authorizerType:Authorizer' :: Authorizer -> Maybe AuthorizerType
$sel:authorizerResultTtlInSeconds:Authorizer' :: Authorizer -> Maybe Natural
$sel:authorizerPayloadFormatVersion:Authorizer' :: Authorizer -> Maybe Text
$sel:authorizerId:Authorizer' :: Authorizer -> Maybe Text
$sel:authorizerCredentialsArn:Authorizer' :: Authorizer -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
authorizerCredentialsArn
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
authorizerId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
authorizerPayloadFormatVersion
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Natural
authorizerResultTtlInSeconds
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe AuthorizerType
authorizerType
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
authorizerUri
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Bool
enableSimpleResponses
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [Text]
identitySource
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
identityValidationExpression
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe JWTConfiguration
jwtConfiguration
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
name