This Lambda@Edge function takes a CloudFront request and will check it for an authorization header and validate agains a verifier. For distribution the code is "compiled" into a single file which includes only the requied dependencies and makes for a much smaller deployment artifact.

This is particularly useful as there are size limits on lambdas set on "viewer request".

• node.js
• ncc

brew install node
npm i -g @vercel/ncc

Set the jwks url, trusted issuer and audience, to the values required.

Example:

const JWKS_URI = "https://auth.example.com/.well-known/jwks.json";
const JWT_TRUSTED_ISSUER = "https://auth.example.com/";
const JWT_TRUSTED_AUDIENCE = "https://audience.example.com";

Installing the requirements and using ncc to "compile" the code into a single file.

npm install
ncc build index.js -o output
zip -j output/auth-lambda.zip output/index.js

The deployable zip file will be in the ./output folder as auth-lambda.zip