Authorization header (what about in form parameter?)

0

We currently support Authorization being passed in the header.

But we have one customer saying that they cannot pass header parameter and can only pass form parameter.

How can we enforce Auth if authorization is coming from form parameters?

Note: we are using Hydra as OAuth2 server

已提问 5 年前285 查看次数
3 回答
1

Hello:

Unfortunately there is currently no native authorization in API Gateway that supports access to the payload (where form parameters would be present). You would have to pass this information to your integration and authorize the request in your integration.

Regards,
Bob

专家
已回答 5 年前
1

when you say Integration... you mean like in a Lambda Integration

Correct. Apologies for the inconvenience.

Regards,
Bob

专家
已回答 5 年前
0

when you say Integration... you mean like in a Lambda Integration. I will be checking the client credentials against hydra in one of the Lambda itself

that is exactly what I am thinking. But having doubts if it beats the best practices
unfortunately, we need to support the customer's needs

已回答 5 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则