Hi,
I am trying the AWS WebSocket API with a Request Lambda authorizer. The API GW always returns 403 or denied, though the Lambda authorizer returns an allowed result.
Looks like there are 2 versions of the Lambda response format, with the 2nd version having an explicit "isAuthorized".
I am using the default version 1 and haven't checked how to configure it to use version 2 yet. However, I am expecting version 1 to work too.
Here is an example response from the Lambda authorizer:
{
  "principalId": "*",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": [
          "arn:aws:execute-api:us-east-1:{account-id-here}:{api-id-here}/development/*/*"
        ]
      }
    ]
  },
  "context": {
    "HeaderAuth1": "cmsn=s001&ts=10162023&signature=abcde12345",
    "isAuthorized": true
  }
}
I've tried different values for principalId since we don't have one as in the TOKEN authorizer case.
If I move "isAuthorized" to the top level in the response as in format v2, API GW says it's unrecognized. I guess I need to configure it to use version 2?
Any clue about the possible cause?
Thanks in advance!
The log from API GW is: "The client is not authorized to perform this operation."
BTW, I saw this error from the Lambda authorizer's trigger, which is the API WebSocket API in the AWS console: "The API with ID 7rypk365yl doesn’t include a route with path /* having an integration arn:aws:lambda:us-east-1:370783930566:function:apigwLambdaAuthorizer."
For WebSocket API, do I only need to configure the Lambda authorizer for the connect route?
Thank you!
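One check for the 403 described above, as an added example that is not part of the original post: it evaluates an authorizer response's policy against the `methodArn` of the incoming request using IAM-style wildcards. It assumes the WebSocket `$connect` ARN has the form `api-id/stage/$connect` (a single segment after the stage); the account ID, API ID and function names are constructed placeholders.

```python
import re

def _wildcard(pattern, flags=0):
    # IAM-style wildcards: '*' is any run of characters (including '/'),
    # '?' is exactly one character; everything else is literal.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, flags | re.DOTALL)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(response, method_arn, action="execute-api:Invoke"):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' for method_arn."""
    allowed = False
    for stmt in _as_list(response["policyDocument"]["Statement"]):
        # Action names are matched case-insensitively, resources exactly.
        if not any(_wildcard(a, re.IGNORECASE).fullmatch(action)
                   for a in _as_list(stmt["Action"])):
            continue
        if not any(_wildcard(r).fullmatch(method_arn)
                   for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # explicit deny always wins
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"

def policy_for(resource):
    # Same shape as the response in the post, with only Resource varied.
    return {"principalId": "*",
            "policyDocument": {"Version": "2012-10-17", "Statement": [
                {"Action": "execute-api:Invoke", "Effect": "Allow",
                 "Resource": [resource]}]}}

# Constructed sample values (placeholders, not taken from the post).
BASE = "arn:aws:execute-api:us-east-1:123456789012:abc123defg/development"
CONNECT_ARN = BASE + "/$connect"   # assumed methodArn of a $connect request

if __name__ == "__main__":
    for suffix in ("/*/*", "/*", "/$connect"):
        print(suffix, "->", evaluate(policy_for(BASE + suffix), CONNECT_ARN))
```

A `stage/*/*` pattern needs a second `/` after the stage, which the assumed `$connect` ARN does not have, so that statement never applies and the request is denied by default.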