AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

Lambda Authorizer with API Key enabled on API Gateway

1

Hi,

I am trying to develop a Lambda Authorizer to be able to auth both JWT tokens and API Keys. I am now currently using the Token as the Lambda event payload. The API Key is now encoded as a Basic Token and put at Authorization header. With API Gateway enabled, I put the API Key at UsageIdentifierKey field in the response from Lambda Authorizer to API Gateway. However, it seems like there is no way for API Gateway to automatically map the API Key to its ID and pass both of them to my backend service. Is there a way to make this mapping happen at API Gateway?

An alternative way I have explored is that by putting the API Key at the x-api-key header, API Gateway will do the automatic mapping to pass both API Key and API Key ID to the backend service. In this way, I have to use Request as the Lambda event payload to make the Lambda authorizer be able to auth both JWT token and API Key. However, the problem is the setup for Identity Sources. Since JWT Token is put at Authorization header and API Key will be put at x-api-key header. I have to put both of them as the Identity Sources. But based on the document, all the sources specified as the Identity Sources must not be empty or null or nil. And also, I think it's related to cache of the auth. If I go with this way, Is there a way to make the Identity Sources be like at least one of them must be not empty instead of all of them?

Thanks. Jia

주제
서버리스컴퓨팅프론트엔드 웹 및 모바일네트워킹 및 콘텐츠 전송
태그
AWS Lambda아마존 API 게이트웨이
언어
English
shijiakimi
질문됨 2년 전2790회 조회
1개 답변
0

I am not sure what exactly you are trying to do. If you select Token, how can you authorize both the API Key and the JWT? If you place the API Key in the Authorization header, where is the JWT token?

If you need to verify 2 headers you should use the Request payload type. The IdentitySource is used for caching in this case. You do not need to specify both of them if they will not always be provided in the request.

What do you mean by: "map the API Key to its ID"? The value returned from the Lambda Authorizer should be the API Key as known to API Gateway so that it can use it for throttling, etc. The API Key ID, is just an internal identifier that should not mean anything to the backend.

profile pictureAWS
전문가
Uri
답변함 2년 전
profile picture
전문가
Gary Mclean
검토됨 16일 전
  • shijiakimi
    2년 전

    Thanks Uri.

    Currently, we are using Token for Lambda Authorizer. If the API call is made by an End User, a JWT Token 'Bearer xxxx' will be put to Authorization header. If the API call is made by a Server, a Basic Token 'Basic xxxx' will be put to Authorization header. And the value of the Basic Token will be the encoded API Key with its ID.

    If we use Request for Lambda Authorizer. It will become if the API call is made by an End User with a JWT Token 'Bearer xxx', the token will be put to Authorization header. If the API call is made by a Server, the API Key will be put at x-api-key header. So it's alway one and only one of the two headers will present in the request. How should we select the Identity resource?

    The API Key ID is helping us to do the association with UsagePlans from backend.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠