How could I retrieve the output of custom authorizer in lambda integration?
For example, let's assume below is my Swagger file with AWS API Gateway integration, Lambda authorizer output and AwsProxyHttpServletRequest:
A question on SO here, "AWS API Gateway with Lambda Authorizer", says it works, but not for me.
REST API
openapi: 3.0.0
info:
  title: Sample Event
  version: 1.0.0
# Enable request validator. See doc: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-validation-sample-api-swagger.html
x-amazon-apigateway-request-validators:
  all:
    validateRequestBody: true
    validateRequestParameters: true
x-amazon-apigateway-request-validator: all
x-amazon-apigateway-gateway-responses:
  # Provide more detailed error message for bad request body errors. See doc: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-gateway-responses.html
  BAD_REQUEST_BODY:
    responseTemplates:
      application/json: '{"errorCode": "BadRequestBody", "message": "$context.error.validationErrorString"}'
    responseParameters:
      gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
  DEFAULT_4XX:
    responseParameters:
      gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
  DEFAULT_5XX:
    responseParameters:
      gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
paths:
  /events:
    post:
      operationId: CreateEvent
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/CreateEventInput"
        required: true
      responses:
        "201":
          description: "Successfully Created an event."
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Event"
        "400":
          description: "Bad Request Exception"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BadRequestException"
        "401":
          description: "Unauthorized Exception"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/UnauthorizedException"
        "409":
          description: "Conflict Exception"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ConflictException"
        "429":
          description: "Too Many Requests Exception"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/TooManyRequestsException"
        "500":
          description: "Internal Server Error"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/InternalServerErrorException"
      x-amazon-apigateway-integration:
        uri:
          Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${EventsApiLambda.Arn}:live/invocations
        httpMethod: POST
        type: aws_proxy
        requestParameters:
          integration.request.header.x-api-auth-user: "context.authorizer.x-api-auth-user"
          integration.request.header.x-api-auth-resource-uri: "context.authorizer.x-api-auth-resource-uri"
          integration.request.header.x-api-auth-type: "context.authorizer.x-api-auth-type"
          integration.request.header.x-api-auth-resource-id: "context.authorizer.x-api-auth-resource-id"
          integration.request.header.x-api-auth-resource-type: "context.authorizer.x-api-auth-resource-type"
          integration.request.header.x-api-auth-resource-permissions: "context.authorizer.x-api-auth-resource-permissions"
        passthroughBehavior: never
      security:
        - tokenAuthorizer: []
Lambda Authorizer Output (from API-Gateway-Execution-Logs-xxxx)
(023bd04b-e1c9-4980-ae14-xxxxx) Authorizer result body before parsing:
{
  "principalId": "act-xxxxxxxxx",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": "arn:aws:execute-api:*:*:*"
      }
    ]
  },
  "context": {
    "x-api-auth-user": "act-xxxxxxx",
    "x-api-auth-type": "email",
    "x-api-auth-resource-id": "11eb2825-18cc-fb80-9d6c-xxxxx",
    "x-api-auth-resource-type": "cb:event",
    "x-api-auth-resource-permissions": "read,write"
  }
}
I can see the output from the authorizer reaching the API execution stage, but it is making it into neither the requestContext nor the multiValueHeaders.
API-Gateway-Execution-Logs_xxxx
(023bd04b-e1c9-4980-ae14-xxxx) Endpoint request headers: {X-Amz-Date=20210112T170314Z, x-amzn-apigateway-api-id=xxx, Accept=application/json, User-Agent=AmazonAPIGateway_xxxx, x-api-auth-type=email, Host=lambda.us-east-1.amazonaws.com, x-api-auth-resource-id=11eb2825-18cc-fb80-9d6c-xxxx, X-Amz-Content-Sha256=xxxxxx, X-Amzn-Trace-Id=Root=1-5ffdd64b-xxxxx;Parent=xxxx;Sampled=1, x-amzn-lambda-integration-tag=023bd04b-e1c9-4980-ae14-xxxxxx, Authorization=**********************282c30, X-Amz-Source-Arn=arn:aws:execute-api:us-east-1:38067 [TRUNCATED]
Lambda input
{
  "path": "/events",
  "isBase64Encoded": false,
  "requestContext": {
    "resourceId": "xxxxx",
    "apiId": "xxxxx",
    "resourcePath": "/events",
    "httpMethod": "POST",
    "requestId": "xxxxxx-15f9-4ca2-9a71-xxxxx",
    "extendedRequestId": "xxxxxx=",
    "accountId": "xxxx",
    "identity": {
      "userAgent": "PostmanRuntime/7.26.8",
      "sourceIp": "xxxxx"
    },
    "authorizer": {
      "principalId": "act-VNJQUexxxxx"
    },
    "stage": "v1",
    "path": "/event/events",
    "protocol": "HTTP/1.1",
    "requestTime": "12/Jan/2021:17:53:06 +0000",
    "requestTimeEpoch": xxx
  },
  ....[TRUNCATED]....
}
Do I need to explicitly specify the authorizer result to be in each path's header/body?
Any idea?
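
Added example, not part of the original question and not the asker's or AWS's code: for a REST API Lambda proxy integration, API Gateway documents that the keys of the authorizer's `context` object are delivered in the event under `requestContext.authorizer`, so a handler can read them there and fail closed when they are absent, which is the state the Lambda input above shows. The handler, the exception class and both sample events are hypothetical and constructed for illustration; the key names are the ones in the authorizer output above.

```python
import json

# Keys the authorizer on this page returns in its "context" object.
REQUIRED_KEYS = (
    "x-api-auth-user",
    "x-api-auth-type",
    "x-api-auth-resource-id",
    "x-api-auth-resource-type",
    "x-api-auth-resource-permissions",
)


class MissingAuthorizerContext(Exception):
    """Raised when the proxy event lacks expected authorizer context keys."""


def authorizer_context(event):
    """Return the authorizer context from a proxy event, failing closed."""
    authorizer = (event.get("requestContext") or {}).get("authorizer") or {}
    missing = [k for k in REQUIRED_KEYS if not authorizer.get(k)]
    if missing:
        raise MissingAuthorizerContext(", ".join(missing))
    ctx = {k: authorizer[k] for k in REQUIRED_KEYS}
    ctx["principalId"] = authorizer.get("principalId")
    # Permissions arrive as one comma-separated string, e.g. "read,write".
    perms = ctx["x-api-auth-resource-permissions"].split(",")
    ctx["permissions"] = frozenset(p.strip() for p in perms if p.strip())
    return ctx


def handler(event, _context=None):
    """Hypothetical handler: 403 unless context is complete and grants write."""
    try:
        ctx = authorizer_context(event)
    except MissingAuthorizerContext as exc:
        return {"statusCode": 403, "body": json.dumps({"missing": str(exc)})}
    if "write" not in ctx["permissions"]:
        return {"statusCode": 403, "body": json.dumps({"error": "write required"})}
    return {"statusCode": 201, "body": json.dumps({"user": ctx["x-api-auth-user"]})}


# Constructed events: one shaped like the posted input, one with full context.
EVENT_AS_POSTED = {"requestContext": {"authorizer": {"principalId": "act-example"}}}
EVENT_COMPLETE = {"requestContext": {"authorizer": {
    "principalId": "act-example", "x-api-auth-user": "act-example",
    "x-api-auth-type": "email", "x-api-auth-resource-id": "res-example",
    "x-api-auth-resource-type": "cb:event",
    "x-api-auth-resource-permissions": "read,write",
}}}
```

Returning the names of the missing keys in the 403 body is for debugging only; in production, log them instead.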