How to pass a token internally to the integrated resource (i.e. REST API) in API Gateway

Hi, can anyone please help me with this use case?

Use case: I've created a secure proxy for a private resource in AWS API Gateway. For the private integration I've used a VPC Link and configured the Cognito pool authorizer. But the backend private API already has an OAuth2 token configured, and I have a separate API to generate the OAuth2 token. I don't want the end client to send both tokens in the request. Instead, I want to internally pass the token that is already configured on the backend private REST API, via API Gateway.

For now I've created the proxy and I'm passing both tokens via request.

Note: I don't want to use a Lambda function.

For example: you hit the API Gateway endpoint via Postman with all the required parameters. The request should first go to the authenticator endpoint to generate the OAuth2 token. Once the token is generated, it should be passed to the actual backend private resource to return the response.

Also, I want to know whether it's the best approach to pass the backend API token internally, or whether we can pass both tokens (i.e. the backend API token and the API Gateway authorizer token) in the request.

1 Answer

If I understood your case correctly, you want to authorize Cognito users in your exposed API, and the integration with the backend also has an internal authorizer with an OAuth2 flow. You will definitely need to authorize internally. In your case you can't do it without using Lambda. You can maintain the integration with the backend in the same way with VPC Link, but you will need to use a Lambda authorizer. With this Lambda authorizer you will validate the Cognito token passed in the request and generate a token in the internal OAuth2 flow; you can save it to DynamoDB for caching purposes, and you will need to return that token in the context of that Lambda's response. When configuring your route, you will need to create a mapping template in your integration request to add the Authorization header, with the token you returned in Lambda, that will be sent to the backend. Follow this documentation as a reference: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html

AWS
answered 4 months ago
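
The authorizer flow described in the answer, as an added example that is not part of the original answer or AWS's own code. Assumptions: `verify_cognito_jwt` and `fetch_backend_token` are hypothetical injected callables standing in for real JWKS-based JWT validation and the backend's OAuth2 token request, `backendToken` is an arbitrary context key, and the cache is in-memory rather than the DynamoDB table the answer suggests.

```python
import time

SKEW_SECONDS = 60  # refresh early so the backend never receives an expiring token


def _policy(principal, effect, method_arn, context=None):
    """Build the response shape API Gateway expects from a Lambda authorizer."""
    doc = {"Version": "2012-10-17", "Statement": [
        {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}]}
    out = {"principalId": principal, "policyDocument": doc}
    if context:
        out["context"] = context  # values must be strings, numbers or booleans
    return out


def make_handler(verify_cognito_jwt, fetch_backend_token, now=time.time):
    """Return a TOKEN-type authorizer handler (both callables are assumptions)."""
    cache = {"token": None, "expires_at": 0.0}  # survives warm invocations only

    def backend_token():
        if cache["token"] is None or now() >= cache["expires_at"] - SKEW_SECONDS:
            resp = fetch_backend_token()  # expected: {"access_token", "expires_in"}
            cache["token"] = resp["access_token"]
            cache["expires_at"] = now() + int(resp["expires_in"])
        return cache["token"]

    def handler(event, _ctx=None):
        arn = event["methodArn"]
        scheme, _, jwt = event.get("authorizationToken", "").partition(" ")
        if scheme.lower() != "bearer" or not jwt:
            return _policy("anonymous", "Deny", arn)
        try:
            claims = verify_cognito_jwt(jwt)  # must check signature, iss, exp, token_use
            token = backend_token()
        except Exception:
            # Fail closed; never log either token or echo the error to the client.
            return _policy("anonymous", "Deny", arn)
        # The integration request then copies context.authorizer.backendToken
        # into the Authorization header sent to the backend over the VPC Link.
        return _policy(claims["sub"], "Allow", arn, {"backendToken": "Bearer " + token})

    return handler
```

API Gateway caches the whole authorizer response, context included, for the authorizer's TTL, so keep that TTL shorter than the backend token's remaining lifetime.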
