Reputation: 180
I have to create custom authorization using AWS API Gateway and Lambda.
I followed all the steps mentioned in the official doc. But at the end the gateway is giving Unauthorized.
Below are the steps I followed.
1) Created a Lambda function (according to the blueprint available on GitHub). It will return the policyDocument in the proper format. This has been tested with the following test data:
    {
        "type": "TOKEN",
        "methodArn": "arn:aws:execute-api:us-west-2:xxxxxxxxxx:fgdfgdfg/null/GET/",
        "authorizationToken": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEyMzQ1Njc4OTAiLCJuYW1lIjoiSm9obiBEb2UiLCJhZG1pbiI6dHJ1ZX0.x8R6LPytDMrPuUBY71skyLBUrkme86DhioN3L7LY_-0"
    }
2) Create an API. Choose 'Create Method' -> GET -> Select Integration type as 'Lambda Function' -> Choose the region and the Lambda function name that was created in the previous step.
3) Click on Authorizers (on the left panel) -> Create New Authorizer -> Give an Authorizer Name -> Choose Lambda as the type -> Choose the Lambda function -> Lambda execution role is the ARN with the basic execution role policy -> payload as Token -> Token Source is 'method.request.header.Authorization' -> caching is disabled.
4) Tested the Authorizer and it returns the proper policy.
5) Deployed the API.
6) Trying to invoke the URL with Postman with 'Authorization: Bearer '. And the output is { "message": "Unauthorized" }
Any help will be appreciated! Thanks.
Upvotes: 0
Views: 1196
Reputation: 180
Well, AWS is great. I've been playing with API Gateway for a month now. The documentation for API Gateway really needs some updates. I experienced that working with API Gateway required a lot of trial and error. It appears that the documentation (specifically Custom Authorizer for API Gateway) has been written by assuming that the devs know the things required to build the authorizer for API Gateway.
I don't know if I missed something or it is too complex to understand the documentation of the custom authorizer. After investigating (a considerable amount of time) I figured out exactly how it works. I'll try to explain it below for somebody who may find this useful.
There is a really simple concept behind the custom authorizer. When we create an authorizer (token based or request based), the request that comes from the client will first execute the authorizer (Lambda function) and after that, if the request is allowed, API Gateway will forward the request to the upstream (or Endpoint URL). That's it! There is no more confusion here.
This is what I was expecting from the documentation. There are videos available out there but they need to be updated because of the newly added awesome features (like the request-based authorizer).
I'm building a POC by comparing AWS API Gateway with Kong API Gateway. Trust me, I needed only one or two days to complete the setup of Kong and 8-10 days for AWS API Gateway. Anyway, thanks!
Upvotes: 0
Reputation: 16067
Your token source is "Authorization" yet in your payload you send it in "AuthorizationToken".
Upvotes: 0
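As an added illustration of the token-based flow described in the self-answer and of the header-name mismatch pointed out in the last answer (example code written for this page, not the questioner's Lambda or an AWS sample): a minimal TOKEN authorizer plus a small model of what API Gateway does with its result. The token table, the account/API ids in the ARN and the header names are constructed placeholders.

```python
import re

# Hypothetical token table standing in for real signature verification (constructed).
VALID_TOKENS = {"token-allow": "user-123"}
TOKEN_SOURCE_HEADER = "Authorization"  # the header configured as Token Source

def parse_bearer(header_value):
    """Return the token from 'Bearer <token>', or None when the value is malformed."""
    match = re.match(r"^Bearer\s+(\S+)$", header_value or "")
    return match.group(1) if match else None

def build_policy(principal_id, effect, resource):
    """IAM policy document in the shape API Gateway expects from an authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": resource}],
        },
    }

def lambda_handler(event, context=None):
    """TOKEN authorizer: the header value arrives as event['authorizationToken']."""
    token = parse_bearer(event.get("authorizationToken"))
    if token is None:
        raise Exception("Unauthorized")  # API Gateway maps this error to 401
    principal = VALID_TOKENS.get(token)
    if principal is None:
        return build_policy("anonymous", "Deny", event["methodArn"])  # -> 403
    return build_policy(principal, "Allow", event["methodArn"])  # -> forwarded upstream

def simulate_gateway(headers, method_arn):
    """Model of API Gateway's handling of one request; returns the HTTP status."""
    lowered = {k.lower(): v for k, v in headers.items()}  # HTTP header names are case-insensitive
    token_header = lowered.get(TOKEN_SOURCE_HEADER.lower())
    if token_header is None:
        return 401  # token source header absent: the authorizer is never invoked
    event = {"type": "TOKEN", "methodArn": method_arn, "authorizationToken": token_header}
    try:
        policy = lambda_handler(event)
    except Exception:
        return 401
    effect = policy["policyDocument"]["Statement"][0]["Effect"]
    return 200 if effect == "Allow" else 403

# Constructed requests: wrong header name (the mistake in the question), bad token, good token.
ARN = "arn:aws:execute-api:us-west-2:123456789012:abcdef123/dev/GET/"
if __name__ == "__main__":
    print(simulate_gateway({"AuthorizationToken": "Bearer token-allow"}, ARN))  # 401
    print(simulate_gateway({"Authorization": "Bearer bogus"}, ARN))             # 403
    print(simulate_gateway({"Authorization": "Bearer token-allow"}, ARN))       # 200
```

The first request never reaches the Lambda function at all, which is why testing the authorizer in the console succeeds while the deployed API still answers Unauthorized.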