When utilizing the AWS Lambda Authorizer for AppSync as a secondary option, unable to get any request to come back as authorized. As part of testing, set the Authorizer to return true in every circumstance, but it was still returning an ‘Not Authorized’ error in AppSync. It appears that this is an issue with AppSync and it's Lambda Authorizer. I am able to confirm it calls the Lambda, and the response is hardcoded to be true, but it still fails in the AWS AppSync console saying it is unauthorized. We are able to perform our queries with the API Key in the Console but it fails and says ‘Unauthorized’ with the AWS Lambda Authorizer for the same query.
We are deploying AppSync via CloudFormation, utilizing Serverless Framework and the AppSync plugin.
The return from the Lambda was hardcoded (for testing) to this:
{
"isAuthorized": true,
"resolverContext": {}
}
The error message in AppSync:
"data": {
"getEvent": null
},
"errors": [
{
"path": [
"getEvent"
],
"data": null,
"errorType": "Unauthorized",
"errorInfo": null,
"locations": [
{
"line": 2,
"column": 3,
"sourceName": null
}
],
"message": "Not Authorized to access getEvent on type Query"
}
]
}
Made sure to include resolverContext due to this thread about Amplify issues with AppSync. GitHub thread about Amplify issue with AppSync Lambda Auth: https://github.com/aws-amplify/amplify-cli/issues/10047
Testing with an empty resolverContext and non-empty resolverContext produced the same results.
Lambda Code, Typescript compiled to Node 14:
Object.defineProperty(exports, "__esModule", { value: true });
exports.handler = void 0;
async function handler(lambdaEvent) {
console.log('Received event context: {}', JSON.stringify(lambdaEvent.requestContext));
return {
isAuthorized: true,
resolverContext: {}
};
}
exports.handler = handler;
//# sourceMappingURL=authenticate.js.map
Example of Context coming from AppSync invocation:
"apiId": "zpaawy2f7rbqdpupeik44az6wm",
"accountId": "$$$$$$$$$$$",
"requestId": "596b0f97-a6eb-47e0-bf98-f6659fc27df0",
"queryString": "query MyQuery {\n getEvent(id: \"2193\") {\n location {\n name\n }\n name\n start_time\n end_time\n }\n}\n",
"operationName": "MyQuery",
"variables": {}
}
AWS 官方已更新 3 年前