If I understood your case correctly, you want to authorize Cognito users in your exposed API, and the integration with the backend also has an internal authorizer with an OAuth2 flow. You will definitely need to authorize internally. In your case you can't do it without using Lambda; you can maintain the integration with the backend in the same way with VPC Link, but you will need to use a Lambda Authorizer. With this Lambda authorizer you will validate the Cognito token passed in the request, you will generate a token in the internal OAuth2 flow, you can save it to DynamoDB for caching purposes, and you will need to return that token in the context of that Lambda's response. When configuring your route, you will need to create a Mapping Template in your integration request to add the Authorization header that will be sent to the backend you returned in Lambda. Follow this documentation as a reference: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html
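
The authorizer flow described in this answer, as an added example that is not part of the original answer or AWS's own code. It assumes a REST API token authorizer event; `ISSUER`, `CLIENT_ID`, the injected `verify_signature` and `fetch_token` callables, the single shared cache key, and the dict standing in for the DynamoDB table are illustrative assumptions.

```python
import time

# Assumed values for illustration; replace with your user pool and app client.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"
EXPIRY_MARGIN = 60  # seconds; never forward a backend token about to expire


def check_claims(claims, now):
    """Claim checks applied after the JWT signature has been verified."""
    return (claims.get("iss") == ISSUER
            and claims.get("token_use") == "access"
            and claims.get("client_id") == CLIENT_ID
            and claims.get("exp", 0) > now)


def backend_token(cache, fetch_token, now):
    """Return the cached internal OAuth2 token, refreshing it near expiry."""
    item = cache.get("backend-token")  # assumed: one shared service token
    if item is None or item["expires_at"] - EXPIRY_MARGIN <= now:
        token, ttl = fetch_token()  # assumed: returns (token, lifetime_seconds)
        item = {"token": token, "expires_at": now + ttl}
        cache["backend-token"] = item  # a DynamoDB put in a real deployment
    return item["token"]


def policy(principal, effect, resource, context=None):
    # Authorizer context values must be strings, numbers or booleans.
    doc = {"Version": "2012-10-17", "Statement": [
        {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}]}
    return {"principalId": principal, "policyDocument": doc, "context": context or {}}


def authorize(event, verify_signature, cache, fetch_token, now=None):
    now = time.time() if now is None else now
    raw = event.get("authorizationToken", "")
    token = raw[7:] if raw.startswith("Bearer ") else raw
    try:
        claims = verify_signature(token)  # assumed: raises on a bad signature
        if not check_claims(claims, now):
            raise ValueError("claims rejected")
        value = "Bearer " + backend_token(cache, fetch_token, now)
        ctx = {"backendAuthorization": value}  # never log this value
        return policy(claims["sub"], "Allow", event["methodArn"], ctx)
    except Exception:
        # Fail closed: any verification or token-fetch error denies the call.
        return policy("anonymous", "Deny", event.get("methodArn", "*"))
```

The mapping template can read the returned value as `$context.authorizer.backendAuthorization`. Keep the authorizer result TTL in API Gateway at or below `EXPIRY_MARGIN`, because a cached authorizer result carries the same `context`, and with it the same backend token, until it expires.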