
AppSync fails to use Lambda Authorizer for Secondary Authorization


When utilizing the AWS Lambda Authorizer for AppSync as a secondary option, we are unable to get any request to come back as authorized. As part of testing, we set the Authorizer to return true in every circumstance, but it was still returning a ‘Not Authorized’ error in AppSync. It appears that this is an issue with AppSync and its Lambda Authorizer. I am able to confirm it calls the Lambda, and the response is hardcoded to be true, but it still fails in the AWS AppSync console saying it is unauthorized. We are able to perform our queries with the API Key in the Console, but it fails and says ‘Unauthorized’ with the AWS Lambda Authorizer for the same query.

We are deploying AppSync via CloudFormation, utilizing Serverless Framework and the AppSync plugin.

The return from the Lambda was hardcoded (for testing) to this:

{
  "isAuthorized": true,
  "resolverContext": {}
}

The error message in AppSync:

{
  "data": {
    "getEvent": null
  },
  "errors": [
    {
      "path": [
        "getEvent"
      ],
      "data": null,
      "errorType": "Unauthorized",
      "errorInfo": null,
      "locations": [
        {
          "line": 2,
          "column": 3,
          "sourceName": null
        }
      ],
      "message": "Not Authorized to access getEvent on type Query"
    }
  ]
}

Made sure to include resolverContext due to this thread about Amplify issues with AppSync. GitHub thread about Amplify issue with AppSync Lambda Auth: https://github.com/aws-amplify/amplify-cli/issues/10047

Testing with an empty resolverContext and non-empty resolverContext produced the same results.

Lambda code, TypeScript compiled to Node 14:

Object.defineProperty(exports, "__esModule", { value: true });
exports.handler = void 0;

async function handler(lambdaEvent) {

    console.log('Received event context: {}', JSON.stringify(lambdaEvent.requestContext));
    return {
        isAuthorized: true,
        resolverContext: {}
    };
}
exports.handler = handler;
//# sourceMappingURL=authenticate.js.map

Example of Context coming from AppSync invocation:

{
    "apiId": "zpaawy2f7rbqdpupeik44az6wm",
    "accountId": "$$$$$$$$$$$",
    "requestId": "596b0f97-a6eb-47e0-bf98-f6659fc27df0",
    "queryString": "query MyQuery {\n  getEvent(id: \"2193\") {\n    location {\n      name\n    }\n    name\n    start_time\n    end_time\n  }\n}\n",
    "operationName": "MyQuery",
    "variables": {}
}
No Answers
