- Newest
- Most votes
- Most comments
Hello,
As you pointed out in the documentation, API Gateway limits request-based Lambda identity sources to the following: Header, Query String, Stage Variable, and Context. This means that unfortunately you can't use a path parameter as a request parameter for authorization.
[+] Input to an Amazon API Gateway Lambda authorizer - REQUEST input format - https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-input.html#w37aac15b9c11c26c29b5
I sincerely thank you for providing your valuable feedback on the service. I have raised a feature request with the service team on your behalf. While I am unable to comment on if/when this feature may get released, I request you to keep an eye on our What's New and Blog pages for any new feature announcements.
[+] https://aws.amazon.com/new/ [+] https://aws.amazon.com/blogs/aws/
It is possible to use "$context.httpMethod and $context.resourceId" as Identity Sources in addition to any Identity Sources that are already configured on the Lambda Authorizer.
Lambda 'Request' authorizer supports a Identity Source called "$context". The "$context" is a meta data that is computed by API GW and is made available to the API. This information need not be passed by the caller but is automatically available to API GW. "$context" has "$context.httpMethod" and "$context.resourceId". When $context.httpMethod" and "$context.resourceId" are specified in the Identity Sources, the cache namespace will be built per method and per resource so that all requests to "POST /<endpoint>" will be cached separately and all requests to "GET /<endpoint>" will be cached separately, assuming both the requests use the same credentials.
