Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Lambda Authorizer Cookies as identity source

0

I am trying to send cookies IdToken but my authorizer is not receiving it. but If I use header.authorization it works. My use case is to validate access token by header.authorization and IdToken sent from browser via cookies.

Argomenti
ServerlessComputazionaliFront-end web e dispositivi mobiliNetworking e distribuzione di contenutiAWS Well-Architected Framework
Tag
AWS LambdaGateway API di AmazonSicurezza
Lingua
English
rePost-User-6968266
posta 2 anni fa901 visualizzazioni
3 Risposte
0

Have you tried providing a token source header as mentioned here - https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html under point 9a - "Type the name of a header in Token Source. The API client must include a header of this name to send the authorization token to the Lambda authorizer."

profile pictureAWS
ESPERTO
Indranil Banerjee AWS
con risposta 2 anni fa
0

yes, header.authorization works. but header.cookies does not work.

rePost-User-6968266
con risposta 2 anni fa
0

I have the same issue, I believe someone on the internet theorised that the implicit cloudfront in front of your rest api is blocking the cookie header. As far as I know there is no way to fix this for REST apis, the only option seems to be to setup a (regional?) HTTP api instead and use the v2 payload which includes cookie headers. Unfortunately the http api doesn't have some features of the rest api.

Adam
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente