SnowMax

Reputation: 611

AWS ApiGateway Lambda Proxy access Authorizer

I'm using a Lambda Proxy and a Cognito User Pool Authorizer in my ApiGateway. In the Lambda function I can access the path etc. variables via the event object. In addition to that, I want to access the claims of the authenticated user. The documentation says that I should use:

context.authorizer.claims.property

But authorizer is null, so I get

Cannot read property 'claims' of undefined

Anyone with an idea?

Upvotes: 4

Views: 5286

Answers (3)

Igor Amidzic

Reputation: 41

Ensure you are sending the "Identity Token" as the Authorization header instead of the "Access Token".

Documentation for Identity Token

For example, I am using Amplify and was getting the access token with:

userSession.getAccessToken().getJwtToken() // Wrong

instead of

userSession.getIdToken().getJwtToken() // Correct

Upvotes: 0

Alexis N-o

Reputation: 3993

If you are referring to this part of the documentation, $context.authorizer.claims is part of the mapping template of the integration. It is not related to the context argument of the handler.

Using Lambda Proxy integration, you are using the passthrough mapping template. I̶t̶ ̶s̶e̶e̶m̶s̶ ̶w̶h̶a̶t̶ ̶i̶t̶ ̶d̶o̶e̶s̶ ̶n̶o̶t̶ ̶i̶n̶c̶l̶u̶d̶e̶ ̶w̶h̶a̶t̶ ̶y̶o̶u̶ ̶a̶r̶e̶ ̶l̶o̶o̶k̶i̶n̶g̶ ̶f̶o̶r̶ (see edit). You'll probably have to disable Lambda Proxy integration and use something like this in the mapping template:

{
    "identity" : {
        "sub" : "$context.authorizer.claims.sub",
        "email" : "$context.authorizer.claims.email"
    }
}

The mapping template "builds" the event parameter of the Lambda. So you will be able to access the parts of your claim via the event parameter.

exports.handler = (event, context, callback) => {
    // TODO implement
    callback(null, event.identity.email);
};

Note that I slightly modified the documentation example to avoid another confusion about what context can be:

  • the mapping template variable in API Gateway
  • the second argument of a handler in Lambda
  • a key of the event argument in some examples of the documentation <= I renamed it identity

Edit

As pointed out by doorstuck, the information is available using the proxy integration.

Upvotes: 2

doorstuck

Reputation: 2308

The accepted answer will work but it is not needed. When using Lambda Proxy Integration you can access the authorizer claims at:

event.requestContext.authorizer.claims

You can try to console.log(event); and see the information you get out of a Lambda Proxy Integration in CloudWatch Logs.

Upvotes: 7
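
The access path from the answer above, as an added example (not code from the question or from any of the answers): a Node.js handler for Lambda Proxy integration that reads event.requestContext.authorizer.claims, returns 401 when no authorizer data is present, and redacts the Authorization header before logging the event. The names getClaims and redactForLog and the sample event are constructed for illustration.

```javascript
// Returns the claims object, or null when the event carries no authorizer
// data (for example, a method with no authorizer attached or a hand-built test event).
function getClaims(event) {
  const ctx = event && event.requestContext;
  const claims = ctx && ctx.authorizer && ctx.authorizer.claims;
  return claims && typeof claims === "object" ? claims : null;
}

// Copy of the event that is safe to log. The proxy event includes the raw
// request headers, so console.log(event) would write the caller's bearer
// token to CloudWatch Logs.
function redactForLog(event) {
  const redact = (headers) => {
    const out = {};
    for (const [name, value] of Object.entries(headers || {})) {
      out[name] = name.toLowerCase() === "authorization" ? "[REDACTED]" : value;
    }
    return out;
  };
  return {
    ...event,
    headers: redact(event.headers),
    multiValueHeaders: redact(event.multiValueHeaders),
  };
}

async function handler(event) {
  console.log(JSON.stringify(redactForLog(event)));
  const claims = getClaims(event);
  if (!claims || !claims.sub) {
    // Fail closed instead of throwing "Cannot read property 'claims' of undefined".
    return { statusCode: 401, body: JSON.stringify({ message: "Unauthorized" }) };
  }
  return {
    statusCode: 200,
    body: JSON.stringify({ sub: claims.sub, email: claims.email || null }),
  };
}

// Constructed sample event (not captured from a real API).
const SAMPLE_EVENT = {
  path: "/profile",
  headers: { Authorization: "constructed.jwt.value" },
  requestContext: {
    authorizer: { claims: { sub: "00000000-0000-0000-0000-000000000000", email: "user@example.com" } },
  },
};

if (typeof module !== "undefined") module.exports = { handler };
```
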
