All geek questions in one place

Can I add an HTTP header from AWS Custom Auth on an API gateway?

I use Custom Auth on the AWS API Gateway, but I would like to add an additional HTTP header depending on the result. Does anyone know if this is possible, or how to do it. If this is not so, is there an idea when or when it will be possible?

Many thanks.

+7
source share
4 answers

We recently added support for this. Documents should appear soon.

Now you can return such an object from the authorizer function:

{
  "principalId": "xxxxxxxx", // The principal user identification associated with the token send by the client.
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow|Deny",
        "Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]"
      }
    ]
  },
  "context" : {
    "key" : "value",
    "numKey" : 1,
    "boolKey" : true
  }
}

Arrays and objects are not allowed, only string / number / boolean as valid JSON. The root key must have a name context.

$:

$context.authorizer.key -> value 
$context.authorizer.numKey -> 1
$context.authorizer.boolKey -> true

, , , $context.authorizer.yourKey yourKey , ( ).

:

http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html#api-gateway-custom-authorizer-output

+9

, , - . . ,

  • Lambda ( lambda ), - AuthPolicy /.
  • API , Auth lambda
  • , , unselect Lambda Proxy ( )
  • . . $context.authorizer.key
  • ( "body-json": $input.json('$'), ""
"headers": {
     "key-header" : "$util.escapeJavaScript($context.authorizer.key)",
     #foreach($param in $input.params().header.keySet())
         "$param": "$util.escapeJavaScript($input.params().header.get($param))" 
         #if($foreach.hasNext),#end
     #end },

, "key-header", , , ​​ user_id, user_role .. .

+1

PrincipalId , context.authorizer.principalId

0

, . , (5 2019 ),

  2. Method Request .
  4. HTTP
  5. (key-header )
  6. context.authorizer.yourKey . ( , $ .)
0

Source: https://habr.com/ru/post/1660663/

More articles:


All Articles