Get request body from custom lambda authorizer

Question

I have a HTTP API gateway with a custom lambda authorizer. I need to get the request body to determine whether or not to authorize the request but currently I am only getting the request headers. Is there any way I can do this?

Amazon Q said that the lambda authorizer will receive the entire request object as a parameter however this has not been the case.

Answer

According to the documentation you are correct. Only the headers/parameters are passed into the Authorizer which would make sense as during a POST you wouldn’t be sending a body as such and would only be interested in variables.

You would usually pass through a bearer token as such which would check to see if you have valid credentials and allow or deny you. You still need another authentication process to obtain a token to supply to api gateway.

https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html

Get request body from custom lambda authorizer

관련 콘텐츠