Hi Oleg,
Yes correct.
If you use a Lambda authorizer, you will have to code the Lambda handler yourself, where you'll have to return an IAM policy to allow/deny the request. A dotnet blueprint can be found here: https://github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints/tree/master/blueprints/dotnet/src but you can use any supported language for it.
With authorizers you are in full control.
For Cognito you will just have to associate it with the API GW after you create a user pool. It provides certain features out of the box, but there are certain limitations (not able to add custom claims to access tokens, very rigid to update user pools after you create them). This will be driven by your requirements and risk appetite.
Hope it helps!
Thank you. Yet another question: both of these types of authorizers return Allow or Deny. How do I implement it if I want to return the user role of this user? For example, Unregistered, User, Admin, Superadmin? As I see it, I need to develop 2 steps: Authorizer (1 of 2) + my own identity manager
Maybe for your case you could use the response context of the policy: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html which you can fill with the above values
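A sketch of the approach discussed in this thread, as an added example that is not from any poster or from the linked blueprint: a TOKEN-type Lambda authorizer that returns the IAM policy and puts the user's role in the response context. The `SAMPLE_TOKENS` table, the function names and the `role` context key are assumptions; the table stands in for a real token verification and identity lookup step.

```python
# Constructed stand-in for the identity manager: token -> (user, role).
# A real authorizer would verify a signed token instead of a table lookup.
SAMPLE_TOKENS = {
    "token-alice": ("alice", "User"),
    "token-bob": ("bob", "Admin"),
    "token-root": ("root", "Superadmin"),
}


def build_response(principal_id, effect, resource, role):
    """Return the authorizer output: an IAM policy plus a response context."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": resource,
            }],
        },
        # Context values must be strings, numbers or booleans;
        # nested objects and arrays are not accepted by API Gateway.
        "context": {"role": role},
    }


def lambda_handler(event, context):
    """Entry point for a TOKEN authorizer event (hypothetical handler name)."""
    raw = event.get("authorizationToken") or ""
    token = raw.removeprefix("Bearer ").strip()
    method_arn = event["methodArn"]

    identity = SAMPLE_TOKENS.get(token)
    if identity is None:
        # Fail closed: a missing or unknown token never gets an Allow policy.
        return build_response("anonymous", "Deny", method_arn, "Unregistered")

    user, role = identity
    # The policy decides Allow/Deny; the role travels alongside it so the
    # backend can enforce role-specific rules without a second lookup.
    return build_response(user, "Allow", method_arn, role)
```

API Gateway exposes the value to the integration as `$context.authorizer.role` in mapping templates, and as `requestContext.authorizer.role` in a Lambda proxy integration event.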