[ aws . iot ]

test-invoke-authorizer

Description

Tests a custom authorization behavior by invoking a specified custom authorizer. Use this to test and debug the custom authorization behavior of devices that connect to the AWS IoT device gateway.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  test-invoke-authorizer
--authorizer-name <value>
[--token <value>]
[--token-signature <value>]
[--http-context <value>]
[--mqtt-context <value>]
[--tls-context <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--authorizer-name (string)

The custom authorizer name.

--token (string)

The token returned by your custom authentication service.

--token-signature (string)

The signature made with the token and your custom authentication service’s private key. This value must be Base-64-encoded.

--http-context (structure)

Specifies a test HTTP authorization request.

headers -> (map)

The header keys and values in an HTTP authorization request.

key -> (string)

value -> (string)

queryString -> (string)

The query string keys and values in an HTTP authorization request.

Shorthand Syntax:

headers={KeyName1=string,KeyName2=string},queryString=string

JSON Syntax:

{
  "headers": {"string": "string"
    ...},
  "queryString": "string"
}

--mqtt-context (structure)

Specifies a test MQTT authorization request.

username -> (string)

The value of the username key in an MQTT authorization request.

password -> (blob)

The value of the password key in an MQTT authorization request.

clientId -> (string)

The value of the clientId key in an MQTT authorization request.

Shorthand Syntax:

username=string,password=blob,clientId=string

JSON Syntax:

{
  "username": "string",
  "password": blob,
  "clientId": "string"
}

--tls-context (structure)

Specifies a test TLS authorization request.

serverName -> (string)

The value of the serverName key in a TLS authorization request.

Shorthand Syntax:

serverName=string

JSON Syntax:

{
  "serverName": "string"
}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To test your custom authorizer

The following test-invoke-authorizer example testS your custom authorizer.

aws iot test-invoke-authorizer \
    --authorizer-name IoTAuthorizer \
    --token allow \
    --token-signature "mE0GvaHqy9nER/FdgtJX5lXYEJ3b3vE7t1gEszc0TKGgLKWXTnPkb2AbKnOAZ8lGyoN5dVtWDWVmr25m7++zjbYIMk2TBvyGXhOmvKFBPkdgyA43KL6SiZy0cTqlPMcQDsP7VX2rXr7CTowCxSNKphGXdQe0/I5dQ+JO6KUaHwCmupt0/MejKtaNwiia064j6wprOAUwG5S1IYFuRd0X+wfo8pb0DubAIX1Ua705kuhRUcTx4SxUShEYKmN4IDEvLB6FsIr0B2wvB7y4iPmcajxzGl02ExvyCUNctCV9dYlRRGJj0nsGzBIXOI4sGytPfqlA7obdgmN22pkDzYvwjQ=="

Output:

{
    "isAuthenticated": true,
    "principalId": "principalId",
    "policyDocuments": [
        "{"Version":"2012-10-17","Statement":[{"Action":"iot:Publish","Effect":"Allow","Resource":"arn:aws:iot:us-west-2:123456789012:topic/customauthtesting"}]}"
    ],
    "refreshAfterInSeconds": 600,
    "disconnectAfterInSeconds": 3600
}

For more information, see TestInvokeAuthorizer in the AWS IoT API Reference.

Output

isAuthenticated -> (boolean)

True if the token is authenticated, otherwise false.

principalId -> (string)

The principal ID.

policyDocuments -> (list)

IAM policy documents.

(string)

refreshAfterInSeconds -> (integer)

The number of seconds after which the temporary credentials are refreshed.

disconnectAfterInSeconds -> (integer)

The number of seconds after which the connection is terminated.