Is it possible to craft an identity source that will read the JWT from a cookie?
I have a customer looking at API Gateway but does not want to write a custom authorizer, but rather would like to use native JWT integration.
The customer has researched into HTTP APIs and know that HTTP APIs can make use of JWT authorization by specifying an identity source of $request.header. Authorization (https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html).
There's a description of identity sources but it's not clear how, or if it's possible, to reference a cookie: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html#http-api-lambda-authorizer.identity-sources
Is this possible, or do we have a workaround?
- Newest
- Most votes
- Most comments
from doc: "For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization."
As a workaround you can use a Lambda authorizer that will get the full request and validate the token.
Relevant content
- Accepted Answerasked a year ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
I've stumbled upon https://stackoverflow.com/questions/60861268/ which references an archived AWS Forums post and says that there is a backlog request to support Cookies with Token-based authorizers. However, since the post is archived I cannot tell if it contained the link to that backlog request or not. Uri, do you happen to know if such request exists so we could +1 it?