Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Lambda Authorizer Cookies as identity source

0

I am trying to send cookies IdToken but my authorizer is not receiving it. but If I use header.authorization it works. My use case is to validate access token by header.authorization and IdToken sent from browser via cookies.

Themen
ServerlosKalkulationFrontend-Web & MobileVernetzung & Bereitstellung von InhaltenAWS Framework mit guter Struktur
Tags
AWS LambdaAmazon API-GatewaySicherheit
Sprache
English
rePost-User-6968266
gefragt vor 2 Jahren900 Aufrufe
3 Antworten
0

Have you tried providing a token source header as mentioned here - https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html under point 9a - "Type the name of a header in Token Source. The API client must include a header of this name to send the authorization token to the Lambda authorizer."

profile pictureAWS
EXPERTE
Indranil Banerjee AWS
beantwortet vor 2 Jahren
0

yes, header.authorization works. but header.cookies does not work.

rePost-User-6968266
beantwortet vor 2 Jahren
0

I have the same issue, I believe someone on the internet theorised that the implicit cloudfront in front of your rest api is blocking the cookie header. As far as I know there is no way to fix this for REST apis, the only option seems to be to setup a (regional?) HTTP api instead and use the v2 payload which includes cookie headers. Unfortunately the http api doesn't have some features of the rest api.

Adam
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt