Reputation: 5604
How to pass API Gateway authorizer context to a HTTP integration
I have successfully implemented a Lambda authorizer for my AWS API Gateway, but I want to pass a few custom properties from it to my Node.js endpoint.
My output from my authorizer follows the format specified by AWS, as seen below.
{
"principalId": "yyyyyyyy",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Allow|Deny",
"Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]"
}
]
},
"context": {
"company_id": "123",
...
}
}
In my case, context contains a few parameters, like company_id, that I would like to pass along to my Node endpoint.
If I was to use a Lambda endpoint, I understand that this is done with Mapping Template and something like this:
{
"company_id": "$context.authorizer.company_id"
}
However, Body Mapping Template is only available under Integration Request if Lambda is selected as Integration type. Not if HTTP is selected.
In short, how do I pass company_id from my Lambda authorizer to my Node API?
Upvotes: 27
Views: 26250
Answers (3)
Reputation: 5604
Most of the credit goes out to @Michael-sqlbot in the comments to my question, but I'll put the complete answer here if someone else finds this question.
Authorizer Lambda
It has to return an object in this format, where context contains the parameters you want to forward to your endpoint, as specified in the question.
{
"principalId": "yyyyyyyy",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Action": "execute-api:Invoke",
"Effect": "Allow|Deny",
"Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]"
}]
},
"context": {
"company_id": "123", <-- The part you want to forward
...
}
}
Method Request
Under Method Request / HTTP Request Headers, add the context property you want to forward:
- Name:
company_id - Required: optional
- Caching: optional
Integration Request
And under Integration Request / HTTP Headers, add:
- Name:
company_id - Mapped from:
context.authorizer.company_id - Caching: optional
Upvotes: 48
Reputation: 16037
If you're using lamda-proxy, you can access the context from your event.requestContext.authorizer.
So your company_id can be accessed using event.requestContext.authorizer.company_id.
Upvotes: 9
Reputation: 1
If you're using lamda-proxy (at least with Golang backend) you can access to that values stored on authorizer context without mapping template usage!
Remember re-launch API and wait a minutes!
It's working for me.
Upvotes: 0
Related Questions
- Unable to use custom authorizer in API Gateway
- API Gateway HTTP integration, how do I pass the authorization header?
- Using AWS Lambda Authorizer in API Gateway
- How to pass Lambda Authorizer context parameter to Backend API's
- Call Authorized Api Gateway endpoint from AWS Lambda function
- API gateway returns 401 and doesn't invoke custom authorizer
- How to pass data from AWS API Gateway Custom Authorizer to an AWS Lambda function?
- API Gateway custom authorizer
- How to use Custom Authorizer on Api Gateway?
- Authorize AWS API Gateway by a Lambda