Joey Kim

Reputation: 179

API Gateway custom authorizer

I'm new to API Gateway. I am trying to use the "custom authorizer". I followed the document below and used the sample code that website provides. https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

The "Lambda Authorizer of the TOKEN type" is work.

curl -v -H 'x-custom-auth: xxxxx" https://xxxxx.execute-api.us-west-1.amazonaws.com/Prod/

For the "Lambda Authorizer of the REQUEST type", I can input header, queryValue1, stageValue1 and accountId for testing via aws console.

But...

I'm confused about the "request type" and do not know how to pass queryValue1, stageValue1 and accountId to API Gateway.

Can anyone help me to figure it out?

Upvotes: 0

Views: 1466

Answers (1)

Nicholas Sizer

Reputation: 3550

Regardless of which type of Authorizer you use, API Gateway will receive the same headers and parameters that you originally sent.

Your Authorizer cannot modify the original request details (but it can include an auth context which API Gateway can also read).

In the example you're referencing:

// Each branch of the condition reads a different section of the REQUEST authorizer event
if (headers.HeaderAuth1 === "headerValue1"
    && queryStringParameters.QueryString1 === "queryValue1"
    && stageVariables.StageVar1 === "stageValue1"
    && requestContext.accountId === "123456789012") {
    callback(null, generateAllow('me', event.methodArn));
} else {
    callback("Unauthorized");
}

What they're saying is that the REQUEST authorizer is expecting specific values in the request object:

  • If all the values match, the authorizer will Allow the request to continue. API Gateway will receive the same request object (with all the same parameters).

  • If not all the values match, the authorizer will Deny the request, returning 403 Unauthorized; API Gateway will not receive the request.

Each of the properties in the example is sourced in the following way:

  • AccountId is set automatically by AWS
  • StageVar1 comes from the deployed API's stage settings (API Name > Stages > Stage Name > Stage Variables)
  • HeaderAuth and QueryString1 are sent by the HTTP client (e.g. curl)

Upvotes: 1
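The same check written out as a complete Node.js REQUEST authorizer, with a constructed event showing where API Gateway places each value. This is an added example, not the asker's, the answerer's or the AWS doc's code; the header, query, stage and account values are the doc's sample ones and `<api-id>` is a placeholder.

```javascript
// Added example, not code from the question, the answer or the AWS docs:
// a REQUEST-type Lambda authorizer (Node.js) plus a constructed event that
// shows where API Gateway places each value the authorizer reads.

// IAM policy response API Gateway expects. `context` is the only channel to
// the backend ($context.authorizer.<key>); the request itself is untouched.
function generatePolicy(principalId, effect, resource, context = {}) {
  return {
    principalId,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }],
    },
    context,
  };
}

// Returns an Allow policy, or null if any value is missing or wrong. Sources:
// headers/queryStringParameters from the client, stageVariables from the stage, accountId from AWS.
function authorize(event) {
  const headers = event.headers || {};
  const query = event.queryStringParameters || {};
  const stage = event.stageVariables || {};
  const accountId = (event.requestContext || {}).accountId;
  if (headers.HeaderAuth1 === "headerValue1"
      && query.QueryString1 === "queryValue1"
      && stage.StageVar1 === "stageValue1"
      && accountId === "123456789012") {
    return generatePolicy("me", "Allow", event.methodArn, { authType: "request" });
  }
  return null;
}

// Lambda entry point: rejecting with "Unauthorized" makes API Gateway answer 401, skipping the backend.
async function handler(event) {
  const policy = authorize(event);
  if (!policy) throw new Error("Unauthorized");
  return policy;
}

// Constructed event, as API Gateway would build it for
//   curl -H 'HeaderAuth1: headerValue1' 'https://<api-id>.execute-api.us-west-1.amazonaws.com/Prod/?QueryString1=queryValue1'
// with StageVar1=stageValue1 set on the Prod stage (<api-id> is a placeholder).
const sampleEvent = {
  methodArn: "arn:aws:execute-api:us-west-1:123456789012:<api-id>/Prod/GET/",
  headers: { HeaderAuth1: "headerValue1" },
  queryStringParameters: { QueryString1: "queryValue1" },
  stageVariables: { StageVar1: "stageValue1" },
  requestContext: { accountId: "123456789012" },
};
```

Changing the header, query string, stage variable or account id in `sampleEvent` makes `authorize` return null, which `handler` turns into the 401 the answer describes.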
