Lambda Authorizer Cookies as identity source

0

I am trying to send cookies IdToken but my authorizer is not receiving it. but If I use header.authorization it works. My use case is to validate access token by header.authorization and IdToken sent from browser via cookies.

3 Answers
0

Have you tried providing a token source header as mentioned here - https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html under point 9a - "Type the name of a header in Token Source. The API client must include a header of this name to send the authorization token to the Lambda authorizer."

profile pictureAWS
EXPERT
answered 2 years ago
0

yes, header.authorization works. but header.cookies does not work.

answered 2 years ago
0

I have the same issue, I believe someone on the internet theorised that the implicit cloudfront in front of your rest api is blocking the cookie header. As far as I know there is no way to fix this for REST apis, the only option seems to be to setup a (regional?) HTTP api instead and use the v2 payload which includes cookie headers. Unfortunately the http api doesn't have some features of the rest api.

Adam
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions