Description
What is the problem you are solving?
One common way of doing API access control is to use JWT tokens. Incoming requests present tokens that contain scopes. Scopes map to API resources to define which APIs need what scopes in the token. I could not find a good example that provides a boilerplate JWT-based API access validation, and I implemented one after a ton of research, workarounds and other quirks. The example presents a working sample that allows a developer to implement a custom authorizer for JWT in an almost out-of-the-box way.
Describe persona of someone who is facing this problem?
I am a developer who needs to implement a custom authorizer to provide token-based access control for my APIs. My UI already has the means to request a JWT token from an OIDC provider like Okta or Auth0, and I now need to implement access control for my APIs. The Swagger API extensions allow me to define a custom authorizer. I implement the custom authorizer, but realize that getting it to work is not straightforward. The documentation is scattered, and there is no working sample that I can base my work on. I get it working, but it takes me way longer. Getting the code to work was easy. Getting it to work with SAM wasn't, and took way more time.
How do developers work around this problem today?
Dig through scattered documentation and trial and error from various posts and issues
Describe your proposed solution?
A working example of a boilerplate "Do this to integrate api access control using JWT" based on the custom authorizer blueprint
How is the proposed feature better than the workaround?
The example works out of the box and provides an initial template that implements API access control using a custom authorizer for JWT tokens. This implementation will save a significant amount of time for developers like me, who spent an abnormally long period trying to tie different threads together to make this work.
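The flow the issue describes (a bearer JWT carrying scopes, scopes mapped to API routes, a custom authorizer that returns an allow/deny policy in the shape API Gateway expects) as an added example; this is not code from the issue, from the custom authorizer blueprint, or from SAM. It assumes an HS256 shared secret and a constructed scope-to-route table (`SECRET`, `REQUIRED_SCOPES`, `make_token`, `verify_token`, `authorize` are all names chosen here). A real deployment verifying tokens from Okta or Auth0 would instead check an RS256 signature against the provider's published JWKS, but the scope check and policy construction are the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example: a shared HS256 secret and a map from
# (HTTP method, resource path) to the scope a token must carry to invoke it.
SECRET = b"example-shared-secret-not-for-production"
REQUIRED_SCOPES = {
    ("GET", "/orders"): "orders:read",
    ("POST", "/orders"): "orders:write",
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT; only used here to build sample input offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Check structure, algorithm, signature and expiry; return claims or raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token's own 'alg' must never choose the verifier.
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if "exp" not in claims or claims["exp"] <= now:
        raise ValueError("token expired")
    return claims


def build_policy(principal: str, effect: str, method_arn: str) -> dict:
    """IAM policy document in the shape an API Gateway Lambda authorizer returns."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
            ],
        },
    }


def authorize(event: dict, now=None) -> dict:
    """Authorizer entry point: event carries authorizationToken and methodArn."""
    method_arn = event["methodArn"]
    # methodArn ends with apiId/stage/METHOD/resource/path; recover the route from it.
    _, _, http_method, *path_parts = method_arn.split(":")[5].split("/")
    path = "/" + "/".join(path_parts)
    auth = event.get("authorizationToken", "")
    if not auth.startswith("Bearer "):
        return build_policy("anonymous", "Deny", method_arn)
    try:
        claims = verify_token(auth[len("Bearer "):], now=now)
    except ValueError:
        return build_policy("anonymous", "Deny", method_arn)
    required = REQUIRED_SCOPES.get((http_method, path))
    granted = set(claims.get("scope", "").split())
    # Unknown routes and missing scopes both deny; only an explicit match allows.
    effect = "Allow" if required is not None and required in granted else "Deny"
    return build_policy(claims.get("sub", "unknown"), effect, method_arn)


if __name__ == "__main__":
    arn = "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/orders"
    token = make_token({"sub": "user-1", "scope": "orders:read", "exp": 2000000000})
    print(json.dumps(authorize({"methodArn": arn, "authorizationToken": "Bearer " + token}), indent=2))
```

Two details matter beyond the happy path: the verifier pins `alg` rather than honouring whatever the token declares, and the signature comparison uses `hmac.compare_digest`. Every failure (malformed token, wrong algorithm, bad signature, expiry, unknown route, missing scope) collapses to a Deny policy rather than an exception, which is what keeps the gateway returning a clean 403 instead of a 500.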