- Newest
- Most votes
- Most comments
You can only have a single authorizer on every endpoint. If you need more than one, you will need to use a Lambda authorizer to verify both.
In addition to the authorizer you can specify a resource policy, include WAF and use mutual TLS. All pf these apply to all endpoints and they are evaluated in addition to the authorizer.
I know this is a really old question, but I have a similar issue to which the accepted answer isn't helpful. I AM using a lambda authorizer, of type TOKEN. But there I need to specify the issuer and audience, and I can't specify multiple issuers. So I am still stuck even with a lambda authorizer.... Any thoughts?
similar issue. i want to use both mTLS and oAuth2 Cognito User_pool on API Gateway. so first i need to use an authorizer as a lambda authorizer to check the CRL. but then i can't get the Token by launching a second authorizer.
As answered above, you can only have a single authorizer. If you need to check multiple things, do all of them in that authorizer. So in your case, you will need to check CRL and the token inside your Lambda authorizer.
Relevant content
- asked 2 years ago
- asked 2 years ago
- asked 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
What do you mean by: I need to specify the issuer and audience, and I can't specify multiple issuers? Where do you need to specify them? If you need to look at multiple headers in the request, change the authorizer to REQUEST, which will send the entire request to the function.