API Gateway returns Unauthorized when setting custom headers in Lambda Authorizer

0

I have added two identity sources to my LambdaAuthorizer, one is Authorization, and another is Context.

I have also updated the specific API gateway resource called /profile to take both headers Authorization and Context. Context is optional as you can see in the screenshot.

If I now invoke the endpoint, with only Authorization set in the Headers, the API gateway returns Unauthorized. It does not even invoke the Lambda Authorizer.

If I remove Context from identity sources in the Lambda Authorizer, it works fine.

My goal is to pass extra data through the Context headers and get that value in the LambdaAuthorizer and also trigger the LambdaAuthorizer when either the Authorization or Context changes when the endpoint is invoked.

This is how the resource is set up


This is how the Authorizer is set up


1 Answer
0

It seems like you're facing an issue with AWS API Gateway and Lambda Authorizer. The problem is that the API Gateway returns "Unauthorized" when you set custom headers in the Lambda Authorizer. You've added two identity sources to your LambdaAuthorizer, one is "Authorization", and another is "Context". You've also updated the API gateway resource "/profile" to take both headers "Authorization" and "Context". However, when you invoke the endpoint with only "Authorization" set in the Headers, the API Gateway returns "Unauthorized" and does not even invoke the Lambda Authorizer.

This issue might be due to the way API Gateway handles optional headers. Even though you've marked the "Context" header as optional, API Gateway might still expect it to be present in the request. If it's not present, API Gateway might return an "Unauthorized" error before even invoking the Lambda Authorizer.

Here are a few things you can try to resolve this issue:

  • Check your Lambda Authorizer function: Make sure that your Lambda Authorizer function is correctly handling the case where the "Context" header is not present. Your function should be able to handle requests where only the "Authorization" header is present.

  • Use a mapping template: Instead of directly passing the headers to the Lambda Authorizer, you can use a mapping template in API Gateway to create a standard input format for your Lambda function. This way, you can ensure that the "Context" field is always present (even if it's empty) when the request reaches your Lambda function.

  • Check your API Gateway configuration: Make sure that you've correctly configured API Gateway to pass the headers to your Lambda function. You should check the integration request settings and make sure that the headers are being mapped correctly.

  • Check your API Gateway logs: Enable API Gateway logging and check the logs for any error messages or warnings that might help you diagnose the issue.

I hope these steps will help!

answered 9 months ago
  • Hello Ercan

    1. Lambda Authorizer works fine when I do not set the Context in the header when making the API call, and if I remove the Context from the IdentitySource in the authorizer, so I do not think there is an issue with Lambda Authorizer not handling the Context in its code. The request is not even made to the Authorizer code.

    2. The Authorization header is being passed correctly, as it works when I only send the Authorization header. I have done the same thing for Context. The integration request settings have Lambda Proxy checked and there are no other specific settings specific to headers.

    3. The logs are pretty basic, the API gateway logs say the following with no errors, but I do not see any logs in the LambdaAuthorizer when this happens. It is not making it to the Authorizer.

    (a47e6f14-2b35-43e4-9ea4-0f10ecd49d2b) Method completed with status: 200 (a47e6f14-2b35-43e4-9ea4-0f10ecd49d2b) Method completed with status: 200

    Also, one other thing to note is that the API Gateway does not show any logs when the endpoint is invoked with Context in the headers. It gives me a CORS error, which is a different issue I need to fix.
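The following is an added example, not code from the question, the answer, or AWS. It models the behaviour reported in the thread (a listed identity source that is missing produces a 401 before the authorizer runs) next to a REQUEST authorizer that keeps only Authorization as an identity source and reads Context from the event as an optional header. The helper names, the sample token, and the sample event are constructed assumptions, and the token comparison is a stand-in for real token validation.

```python
import hmac

# Constructed sample token standing in for real token validation (assumption).
SAMPLE_TOKEN = "Bearer sample-token-for-demo"

def header(event, name):
    """Case-insensitive header lookup; returns None when absent or empty."""
    for key, value in (event.get("headers") or {}).items():
        if key.lower() == name.lower() and value:
            return value
    return None

def gateway_precheck(event, identity_sources):
    """Model of the behaviour reported in the question: every listed identity
    source must be present, otherwise 401 and the authorizer is never called."""
    missing = [h for h in identity_sources if header(event, h) is None]
    return (401, missing) if missing else (None, [])

def policy(principal, effect, resource, context):
    """Build the authorizer response: principal, IAM policy, context map."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": resource}],
        },
        "context": context,  # values must be strings, numbers or booleans
    }

def handler(event, _ctx=None):
    """REQUEST authorizer: Authorization is mandatory, Context is optional."""
    token = header(event, "Authorization") or ""
    allowed = hmac.compare_digest(token.encode(), SAMPLE_TOKEN.encode())
    extra = header(event, "Context") or ""  # optional, read from the event
    return policy("user" if allowed else "anonymous",
                  "Allow" if allowed else "Deny",
                  event["methodArn"], {"requestContext": extra})

# Constructed sample REQUEST event with no Context header.
EVENT = {"type": "REQUEST",
         "methodArn": "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/profile",
         "headers": {"authorization": SAMPLE_TOKEN}}
```

With Context left out of the identity sources it is no longer part of the authorizer cache key, so a cached policy can be reused across requests with different Context values; if the decision depends on Context, set the authorizer TTL to 0.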
