En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Lambda Authorizer Cookies as identity source

0

I am trying to send cookies IdToken but my authorizer is not receiving it. but If I use header.authorization it works. My use case is to validate access token by header.authorization and IdToken sent from browser via cookies.

Sujets
Sans serveurCalculWeb et mobile front-endRéseaux et diffusion de contenuFramework AWS Well-Architected
Balises
AWS LambdaPasserelle API AmazonSécurité
Langue
English
rePost-User-6968266
demandé il y a 2 ans902 vues
3 réponses
0

Have you tried providing a token source header as mentioned here - https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html under point 9a - "Type the name of a header in Token Source. The API client must include a header of this name to send the authorization token to the Lambda authorizer."

profile pictureAWS
EXPERT
Indranil Banerjee AWS
répondu il y a 2 ans
0

yes, header.authorization works. but header.cookies does not work.

rePost-User-6968266
répondu il y a 2 ans
0

I have the same issue, I believe someone on the internet theorised that the implicit cloudfront in front of your rest api is blocking the cookie header. As far as I know there is no way to fix this for REST apis, the only option seems to be to setup a (regional?) HTTP api instead and use the v2 payload which includes cookie headers. Unfortunately the http api doesn't have some features of the rest api.

Adam
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents