integration of lambda authorizer to api gateway

0

I have a lambda configured to run as an HTTP server. Following example event is passed to it,

{
  "version": "2.0",
  "routeKey": "$default",
  "rawPath": "/path/to/resource",
  "rawQueryString": "sale_code=1&service=Dashboards&aws_account_id=021211401397&authorization=eyJeb21cL2FwLXNvdXRoZWFzdC0xX0syNU9jOE5VNiIsImNvZ25pdG86dXNlcm5hbWUiOiJjYTdjZDQyZi00OTgzLTQ2YzgtODZmNy1mYmY1N2FiOTJkZGMiLCJvcmlnaW5fanRpIjoiZDA2MGRmYWQtNjNiOC00ZTNjLTgzYjEtZDg2NjNiZDQ3MDZkIiwiYXVkIjoiMjNpcjNjYmpvaG8ydXA1dXJuamVtcXIwNm8iLCJldmVudF9pZCI6ImRkNmE5MzBjLTZiM2EtNGQzNi04OWYyLTZiY2IyOTVkZmE0ZiIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNzExMjc3NDE4LCJuYW1lIjoiSmVoYW4iLCJleHAiOjE3MTEyODEwMTgsImN1c3RvbTpyb2xlIjoiQWRtaW4iLCJpYXQiOjE3MTEyNzc0MTgsImZhbWlseV9uYW1lIjoiS3VsYXRoaWxha2EiLCJqdGkiOiJjMGMxMTI4My1lZDcwLTRkN2QtYWY5My1mNzJmMDBjNWM3ZmMiLCJlbWFpbCI6ImplaGFuQHRlYWFpLmFpIn0.gC_1PkwHHQNlnMgljXmnTolI9ZywePsE2FqFcY8zKcaFWuvZwRN-cxzGlbT_aOLeTxF9ZeSzNzQHwQ_mBcTe7KBeZH4CI1ODvE5Fpg0UahE-lQIcXN8g9k9Mmd6JvQ6zRagAqIqm_4ct3yDExUooUwEOxmln3JOCpttuARFJppRydNDqdZ61kB_QGCl5g-n9ulvO83MNJZJHxIJVrI5FT6qfpTMBAmvRwX2GoFSSfQ74Ai1lTm7ue-PF27H2LmHPuksqnl1jp4QVfn_XJR7g_VqXi1MecoV349RDDIw4hovyLcWc9nEn-waSztkzgcMQ7gFv4TRLAUzGxnMJCXKlZw",
  "cookies": [
    "cookie1",
    "cookie2"
  ],
  "headers": {
    "Header1": "value1",
    "Header2": "value1,value2"
  },
  "queryStringParameters": {
    "parameter1": "value1,value2",
    "parameter2": "value"
  },
  "requestContext": {
    "accountId": "123456789012",
    "apiId": "api-id",
    "authentication": {
      "clientCert": {
        "clientCertPem": "CERT_CONTENT",
        "subjectDN": "www.example.com",
        "issuerDN": "Example issuer",
        "serialNumber": "a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1",
        "validity": {
          "notBefore": "May 28 12:30:02 2019 GMT",
          "notAfter": "Aug  5 09:36:04 2021 GMT"
        }
      }
    },
    "authorizer": {
      "jwt": {
        "claims": {
          "claim1": "value1",
          "claim2": "value2"
        },
        "scopes": [
          "scope1",
          "scope2"
        ]
      }
    },
    "domainName": "id.execute-api.us-east-1.amazonaws.com",
    "domainPrefix": "id",
    "http": {
      "method": "GET",
      "path": "/",
      "protocol": "HTTP/1.1",
      "sourceIp": "192.168.0.1/32",
      "userAgent": "agent"
    },
    "requestId": "id",
    "routeKey": "$default",
    "stage": "$default",
    "time": "12/Mar/2020:19:03:58 +0000",
    "timeEpoch": 1583348638390
  },
  "body": "eyJ0ZXN0IjoiYm9keSJ9",
  "pathParameters": {
    "parameter1": "value1"
  },
  "isBase64Encoded": true,
  "stageVariables": {
    "stageVariable1": "value1",
    "stageVariable2": "value2"
  }
}

I have integrated this lambda as my lambda authorizer but when I test it I get this error

"statusCode": 422, "headers": {"content-length": "347", "content-type": "application/json"}, "multiValueHeaders": {}, "body": "{\"detail\":[{\"loc\":[\"query\",\"authorization\"],\"msg\":\"field required\",\"type\":\"value_error.missing\"},{\"loc\":[\"query\",\"aws_account_id\"],...

How can I fix this?

1回答
0
承認された回答

Not sure I completly understand what you are trying to do. If your function is a web server, it is not the same as a Lambda authorizer. A Lambda authorizer is a way to implement custom authorization mechanisms, and there is a specific response format for it.

profile pictureAWS
エキスパート
Uri
回答済み 2ヶ月前
profile picture
エキスパート
レビュー済み 2ヶ月前
  • I hope this clarifies what I tried to say. It's just a server accepting an HTTP request having few parameters so it does the custom validation and sends the response whether authenticated or not. If I send the same request the lambda response is

    { "statusCode": 200, "body": "{"status":200,"msg":"authorization failed","isAuthorized":false}", "headers": { "content-length": "64", "content-type": "application/json" }, "isBase64Encoded": false }

  • API Gateway expects a specifc response format from a Lambda authorizer. You can find how it should look for REST API here and for HTTP API here. As you can see, you function's response does not match any of these,

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ