Authorization scopes are supported by Cognito authorizers. You can configure the OAuth2 scope in the API Gateway Method Request in two ways.
Note: This interface may be adjusted.
You can configure the OAuth2 scope controller-wide. Example:
```ruby
class PostsController < ApplicationController
  authorizer "main#my_cognito" # protects all actions in the controller
  authorization_scopes %w[create delete]
end
```
All PostsController actions will use the `create` and `delete` authorization scopes.
You can also configure the OAuth2 scope on a per-route basis with the `authorization_scopes` option:
```ruby
Jets.application.routes.draw do
  get "posts", to: "posts#index", authorizer: "main#my_cognito", authorization_scopes: %w[create delete]
end
```
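The following is an added example, not code from Jets or API Gateway. It models the scope check that API Gateway documents for Cognito authorizers: once a method has authorization scopes, the token is treated as an access token and a single matching scope is enough. The `DELETE /posts/:id` route, the sample tokens and the helper names are constructed for illustration.

```ruby
require "base64"
require "json"

# Constructed route table in the style of the routes example above.
# "DELETE /posts/:id" is a hypothetical route that narrows the scope to delete.
ROUTE_SCOPES = {
  "GET /posts"        => %w[create delete],
  "DELETE /posts/:id" => %w[delete]
}.freeze

# Read JWT claims WITHOUT verifying the signature. Diagnostic use only:
# API Gateway validates the token against the user pool before checking scopes.
def jwt_claims(token)
  payload = token.split(".")[1] or raise ArgumentError, "not a JWT"
  JSON.parse(Base64.urlsafe_decode64(payload))
end

# Model of the scope check: the token must be an access token and share at
# least one scope with the method. One match is enough; not all are required.
def scope_allows?(token, method_scopes)
  claims = jwt_claims(token)
  return false unless claims["token_use"] == "access"
  granted = claims.fetch("scope", "").split
  !(granted & method_scopes).empty?
end

# Build an unsigned, constructed token for the demonstration.
def sample_token(claims)
  enc = ->(h) { Base64.urlsafe_encode64(JSON.generate(h), padding: false) }
  [enc.call({ "alg" => "none" }), enc.call(claims), ""].join(".")
end

# Routes from ROUTE_SCOPES that the given token would be allowed to call.
def allowed_routes(token)
  ROUTE_SCOPES.select { |_route, scopes| scope_allows?(token, scopes) }.keys
end

CREATE_ONLY = sample_token({ "token_use" => "access", "scope" => "create" })
DELETE_ONLY = sample_token({ "token_use" => "access", "scope" => "delete" })
ID_TOKEN    = sample_token({ "token_use" => "id", "email" => "user@example.com" })

if __FILE__ == $PROGRAM_NAME
  puts "create-only token: #{allowed_routes(CREATE_ONLY).inspect}"
  puts "delete-only token: #{allowed_routes(DELETE_ONLY).inspect}"
  puts "ID token:          #{allowed_routes(ID_TOKEN).inspect}"
end
```

Because any single match authorizes the call, a token holding only `create` passes a controller-wide `%w[create delete]` check on every action. Per-route scopes are the way to restrict a specific action to `delete`.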