CODEWITHSUNDEEP
amazon-web-serviceshttpauthorizationaws-api-gateway
Teddie
Teddie

Reputation: 31

AWS ApiGatewayV2 HTTP API with custom authorization lambda

Is it possible to use a custom authorization lambda with ApiGatewayV2 for a HTTP API? I know it's supported for a WebSocket API but there seems to only be support for AWS' own JWT authorizer for HTTP APIs. Does anyone know of a smart way to solve this? The reason I'm asking is I need to validate third party tokens that do not fully follow OAuth2 standards (and therefore cannot use the out of the box JWT authorizer).

Upvotes: 2

Views: 1373

Answers (2)

Chris Williams
Chris Williams

Reputation: 35258

Edit

This is now a feature added to HTTP API Gateways, more can be found in the Introducing IAM and Lambda authorizers for Amazon API Gateway HTTP APIs announcement.

Original

Unfortunately Lambda custom authorizers have not been migrated to be supported by HTTP API Gateways yet.

To build RESTful APIs, you can use either HTTP APIs or REST APIs from API Gateway. REST APIs offer a wide variety of features for building and managing RESTful APIs. HTTP APIs are up to 71% cheaper compared to REST APIs, but offer only API proxy functionality. HTTP APIs are optimized for performance—they offer the core functionality of API Gateway at a lower price.

The above quote from the announcement indicates that this is a light weight version of API Gateway at the moment.

Upvotes: 0

warrens
warrens

Reputation: 2145

It is possible to have a custom authorizer lambda with an AWS ApiGatewayV2 HTTP API.

For me at the moment (still early in my development) I actually have both a V2 WEBSOCKET and a V2 HTTP API using the same lambda for authentication, and both APIs using another lambda for the route handling -- yes, only 2 lambdas handling both APIs.

It is a bit of a mess because each API type has different event formats.

I created the WEBSOCKET API first and got the authorization lambda for it working first using OAUTH "client_credentials" and JWTs.

Then I added the HTTP API -- but it did require specifically declaring (I use terraform) the $default stage, a deployment, an integration, and a route with a $default route_key. The route is where the "CUSTOM" authorizer gets tied in. The point here is that using the so-called "quick create" V2 HTTP api does not appear to allow a custom authorizer.

Upvotes: 1

Related Questions