DreadlordDave

Reputation: 65

Passing OAUTH2.0 access token in API gateway get request

I have an AWS API gateway setup right now and I am able to hit my endpoint successfully with a GET request. I am not able to retrieve any information from the endpoint because I am not sure how to pass the required OAUTH2.0 access token to the endpoint for authorization. I looked through the AWS documentation but could not find what I am looking for. Any help would be appreciated, thanks.

Upvotes: 1

Views: 1435

Answers (1)

Martin Löper

Reputation: 6659

There are two options you can go for:

  1. Handling authentication on your endpoint (which I understand from your question is what you want to do): for this to work, see the following SO answer [1] which describes how to trap the Authorization header.

  2. Handling authentication on the Gateway itself using API Gateway Lambda Authorizers: read the AWS documentation which describes the authorization workflow. [2] If there is no reason why you have to handle authorization on your endpoint, I would outsource it to Lambda authorizers.

For the big picture see [3]. Moreover, you can integrate Cognito if you want to further outsource user management / security to AWS services. [4]

References

[1] https://stackoverflow.com/a/31375476/10473469
[2] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
[3] https://medium.com/@chrisconcannon/nodejs-lambda-authorizer-for-json-web-tokens-334fbd6d3228
[4] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

Upvotes: 1
