How can I use context.authorizer in AWS API Gateway Integration Response?

Question

I set up an **API Gateway** with a **Lambda authorizer** and a **non-proxy HTTP Integration Request**.
I want to use properties from the `context.authorizer` in the **Integration Response** header.

I add the header field to the integration response **Header Mapping** section:

* Response header: `foo`
* Mapping value: `context.authorizer.principalId`

**Result**: Response header `foo` is sent, but value is empty.

However, if I change the mapping to `context.accountId` it works: the response header `foo` contains the accountId value.

**Conclusion**: I can use `context.authorizer.principalId` in a request header in the Integration request, also in the Gateway Response settings, but not in the Integration Response.

Is this a bug? Is there a workaround?

Thanks!

Bharat_S · Accepted Answer

Hello, the reason why you are not able to use 'context.authorizer.principalId' in Integration Response is because this value is limited to the request and is **not present** in the response sent back by the HTTP backend. This context variable maps the principal user identification associated with the token sent by the client and returned from an API Gateway Lambda authorizer (formerly known as a custom authorizer) [1].

To map this value in your header (here: foo), we can send this header to your HTTP backend and return as a response from there. Use mapping template to map this header to send to the backend HTTP API.[2]

[1] https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference  
[2] https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-method-settings-execution-console.html

How can I use context.authorizer in AWS API Gateway Integration Response?

Add your answer

Relevant content