Reputation: 135
Is there a way to pass authentication token in Aws Api gateway?
We have an Angular SPA hosted in Aws S3 as frontend and a web service as backend. The backend web service needs to be authenticated to provide a response. But in development environment we hardcoded the backend credentials (authorization token) directly in the javascript. We cannot move it to prod as it has serious risk of being exposed in web browser. So we are asked to create a solution to pass authorization through API gateway with HTTP Proxy Integration. But we found no way to inject the authorization in the Api Gateway through the request to backend web service. Is there a way to pass credentials through Api gateway ??
We have created and tested the Api by passing the query parameters and the authorization as headers before deploying. But after deploying the api we din't find a way to pass the authorization as it states that the query parameters and headers should be mapped from the client request which is our problem.
Upvotes: 0
Views: 1137
Answers (1)
Reputation: 812
There is something called authorizer in api gateway. It acts as a middleware to your backend lambda or whatever you are using. You can make use of it to pass your authorization and validate it. On success it takes you to your backend code and on failure it gives the client unauthorized.
Upvotes: 1
Related Questions
- How to use tokens (OAuth ?) with AWS API Gateway and AWS Lambda
- AWS ApiGatewayV2 HTTP API with custom authorization lambda
- Using AWS Lambda Authorizer in API Gateway
- Is it possible to use AWS API without Authentication Token
- How do you access an AWS Lambda with credentials using API Gateway?
- Authorization using Api gateway and Lambda
- AWS API gateway : Changing Missing Authentication Token response for the HTTP operation which is not supported
- How to authenticate with API Gateway?
- Authorize AWS API Gateway by a Lambda
- Implement oauth in AWS API Gateway