How to return 401 unauthorized from REST API Gateway when using a REQUEST based authorizer?


Hi folks,

I have a request based authorizer which returns 403 based on the deny policy I send back to the api gateway. Is it possible to have the api gateway respond back to the caller with a 401 if a specific block of code in the authorizer doesn't pass?

Regards, Matthew

1 Answer

Yes, it's possible to have the API Gateway respond with a 401 status code instead of a 403 based on specific conditions in your request-based authorizer.

In your request-based authorizer function, you can conditionally return a deny policy with either a 403 or a 401 status code based on your logic. Here's an example of how you can achieve this in Node.js:

exports.handler = async (event, context) => {
    // Your authorization logic here. A REQUEST authorizer receives the caller's
    // headers, query string, etc. in the event; this reads the Authorization header.
    const headers = event.headers || {};
    const authHeader = headers.Authorization || headers.authorization || "";

    // Replace with your own check.
    const credentialsMissingOrMalformed = !/^Bearer \S+$/.test(authHeader); /* Your condition for returning 401 */

    if (credentialsMissingOrMalformed) {
        // A Lambda authorizer cannot put a status code in its policy. Throwing an
        // error whose message is exactly "Unauthorized" makes API Gateway reply 401.
        throw new Error("Unauthorized");
    } else {
        // An explicit Deny policy is surfaced by API Gateway as 403 Forbidden.
        // The optional top-level "context" map (string, number or boolean values)
        // is passed to the integration as $context.authorizer.<key>; it does not
        // change the status code, and "Context" is not a valid IAM Statement element.
        // Callers that pass your checks should get the same document with
        // "Effect": "Allow".
        return {
            "principalId": "user",
            "policyDocument": {
                "Version": "2012-10-17",
                "Statement": [{
                    "Action": "execute-api:Invoke",
                    "Effect": "Deny",
                    "Resource": event.methodArn
                }]
            },
            "context": {
                "message": "Forbidden"
            }
        };
    }
};

In this example, you can replace /* Your condition for returning 401 */ with your specific condition. If this condition is met, the authorizer will return a deny policy with a 401 status code. Otherwise, it will return a deny policy with a 403 status code.

Remember to deploy your updated authorizer function after making these changes, and test it to ensure it behaves as expected.

Hope this clarifies it, and if it does, I would appreciate the answer being accepted so that the community can benefit from the clarity. Thanks ;)

EXPERT
answered 2 months ago
EXPERT
reviewed a month ago
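Added example (not part of the answer above, and not AWS code): a REQUEST authorizer with the three outcomes REST API Gateway actually distinguishes, plus a small stand-in, callThroughGateway, written here to model how the gateway consumes the authorizer's result. A thrown error whose message is exactly "Unauthorized" is what produces a 401 for the caller; an explicit Deny policy always produces a 403; an Allow policy lets the request reach the backend together with the authorizer context. The header name, the token table, the scope rule and the sample events are assumptions constructed for the demo.

```javascript
"use strict";

// Constructed sample: tokens this demo accepts and the scopes each carries.
const KNOWN_TOKENS = {
  "tok-reader": ["read"],
  "tok-admin": ["read", "write"],
};

// Build the response shape API Gateway expects from a Lambda authorizer.
// Only Allow or Deny is possible here; `context` values must be strings,
// numbers or booleans and are exposed to the backend as $context.authorizer.<key>.
function policy(principalId, effect, resource, context = {}) {
  return {
    principalId,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }],
    },
    context,
  };
}

// Core of the REQUEST authorizer. Assumes a Bearer token in the Authorization
// header and that non-GET methods require the "write" scope (demo rule).
function authorize(event) {
  const headers = event.headers || {};
  const auth = headers.Authorization || headers.authorization || "";
  const match = /^Bearer (\S+)$/.exec(auth);

  // Missing, malformed or unknown credentials: throwing an error whose message
  // is exactly "Unauthorized" is the only way to get a 401 from a Lambda authorizer.
  if (!match) throw new Error("Unauthorized");
  const token = match[1];
  const scopes = KNOWN_TOKENS[token];
  if (!scopes) throw new Error("Unauthorized");

  const method = (event.requestContext && event.requestContext.httpMethod) || "GET";
  if (method !== "GET" && !scopes.includes("write")) {
    // Authenticated but not permitted: explicit Deny, surfaced by API Gateway as 403.
    return policy(token, "Deny", event.methodArn, { reason: "missing write scope" });
  }
  return policy(token, "Allow", event.methodArn, { scopes: scopes.join(" ") });
}

// Lambda entry point (export this as your handler).
const handler = async (event) => authorize(event);

// Simplified model of how REST API Gateway consumes the authorizer result
// (a stand-in written for this demo, not the AWS implementation).
function callThroughGateway(event, authorizerFn = authorize) {
  let result;
  try {
    result = authorizerFn(event);
  } catch (err) {
    if (err.message === "Unauthorized") {
      return { statusCode: 401, body: { message: "Unauthorized" } };
    }
    // Any other failure inside the authorizer becomes a 500 for the caller.
    return { statusCode: 500, body: { message: "Internal server error" } };
  }
  const effect = result.policyDocument.Statement[0].Effect;
  if (effect !== "Allow") {
    return {
      statusCode: 403,
      body: { message: "User is not authorized to access this resource with an explicit deny" },
    };
  }
  // Allowed: the backend runs and sees the authorizer context.
  return { statusCode: 200, body: { principalId: result.principalId, ...result.context } };
}

// Constructed REQUEST-authorizer events (not captured from a real deployment).
function sampleEvent(authHeader, method) {
  return {
    type: "REQUEST",
    methodArn: `arn:aws:execute-api:us-east-1:123456789012:abcdef123/prod/${method}/items`,
    headers: authHeader === undefined ? {} : { Authorization: authHeader },
    requestContext: { httpMethod: method },
  };
}

// Status codes the caller sees for: no credentials, authenticated but forbidden, permitted.
function demo() {
  return [
    sampleEvent(undefined, "GET"),
    sampleEvent("Bearer tok-reader", "POST"),
    sampleEvent("Bearer tok-admin", "POST"),
  ].map((ev) => callThroughGateway(ev).statusCode);
}

console.log(demo()); // [401, 403, 200]
```

The split to remember: 401 is decided by throwing, before any policy exists, so put the credential checks (missing header, bad format, unknown or expired token) on that path and keep the Deny policy for callers you have identified but will not permit. If the identity sources configured on the authorizer are absent from the request, API Gateway answers 401 itself without invoking the function at all.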
