- Mais recentes
- Mais votos
- Mais comentários
You have to use: type: apiKey
While the more specifcation-compliant http is accepted by the OpenAPI spec validator, it simply doesn't work. API Gateway only supports apiKey in this context.
You can leave the other options there, they don't seem to do any harm. But you should also specify the name of the Authorization header.
Example that will also create the authorizer for you:
securitySchemes:
bearerAuth:
type: apiKey
scheme: bearer
bearerFormat: JWT
name: Authorization
in: header
x-amazon-apigateway-authtype: custom
x-amazon-apigateway-authorizer:
type: token
authorizerCredentials: ${authorizerCredentials}
authorizerUri: ${authorizerUri}
Bumping this.
Just spent a good 3 hours on solving this. Like the answer suggests, apiKey indeed does work.
But how the hell is API-Gateway OpenAPI 3.^ compliant if it does not support basic open API securiySchemes?
On top of this, AWS API-Gateway supports both Request and Token based authentication. How am I supposed to achieve request auth programmatically without this construct present?
securitySchemes:
LambdaAuth:
type: apiKey
bearerFormat: JWT
name: Authorization
in: header
scheme: bearer
x-amazon-apigateway-authtype: custom
x-amazon-apigateway-authorizer:
type: request
identitySource : method.request.header.Authorization
authorizerUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/${lambdaARN}/invocations"
If I use request here, the whole thing keep failing coz I cannot have the basic construct.
Conteúdo relevante
- AWS OFICIALAtualizada há 2 anos
That's the neat part @anirudhr, it isn't, and never has been for some reason. Frustratingly so