Question
From API Gateway, I created a custom authorizer for my API using a Lambda function in Python. API Gateway hands over the incoming auth token using a header I configure (method.request.header.Authorization). However, I also need the other headers of the original HTTP request inside my Lambda function. How do I access them? I did not see the headers on the event object input to my Lambda function.
Note that this is not a duplicate of "How to access HTTP headers for request to AWS API Gateway using Lambda?". The question is about the custom authorizer Lambda function. I do not see any configuration option to pass the incoming HTTP headers to the authorizer Lambda function.
As per the AWS documentation, API Gateway calls the custom authorizer with the input below. Based on the below, I assume my ask is not possible, but I want to check if there is a workaround.
    {
        "type": "TOKEN",
        "authorizationToken": "",
        "methodArn": "arn:aws:execute-api:<regionId>:<accountId>:<apiId>/<stage>/<method>/<resourcePath>"
    }
Answer 1:
This is now possible by using an Authoriser of type 'Request' instead of Token.
Full details are here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
Fundamentally, all headers are passed in the event object for a Request authorisation,
i.e. the headers object on the event:
    "headers": {
        "X-wibble": "111",
        "X-wobble": "222",
        "x-amzn-ssl-client-hello": "*Deleted*",
        "Via": "1.1 .cloudfront.net (CloudFront)",
        "CloudFront-Is-Desktop-Viewer": "true",
        "CloudFront-Is-SmartTV-Viewer": "false",
        "CloudFront-Forwarded-Proto": "https",
        "X-Forwarded-For": "*Deleted*",
        "CloudFront-Viewer-Country": "GB",
        "Accept": "*/*",
        "User-Agent": "curl/7.55.1",
        "X-Amzn-Trace-Id": "Root=*Deleted*",
        "Host": "*Deleted*.execute-api.eu-west-1.amazonaws.com",
        "X-Forwarded-Proto": "https",
        "X-Amz-Cf-Id": "*Deleted*",
        "CloudFront-Is-Tablet-Viewer": "false",
        "X-Forwarded-Port": "443",
        "CloudFront-Is-Mobile-Viewer": "false"
    }
Answer 2:
Unfortunately this is not possible at the moment but we are planning to add support for this along with some other improvements to custom authorizers. I don't have an ETA to provide at the moment.
Answer 3:
Just following this, as we would very much like this feature. The result of only having the header to authorize on is that we can only authorize all our Lambda functions based on the same logic, even though that is not what we want.
As a workaround, we have talked about solutions to include more data in the header (which isn't optimal).
Otherwise there's always the possibility of doing specific authorization in the Lambda functions themselves, but in that case, we really have no use for the custom API Gateway authorizer.
Answer 4:
Here is a SAM template:
    ApiGatewayApi:
      Type: AWS::Serverless::Api
      Properties:
        StageName: Prod
        Auth:
          Authorizers:
            MyAuthorizer:
              FunctionPayloadType: REQUEST
              FunctionArn: !GetAtt AuthLambda.Arn
              Identity:
                Headers:
                  - X-API-KEY
                  - X-API-ID
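A Python handler for a REQUEST-type authorizer such as the one in the template above, reading the X-API-ID and X-API-KEY headers from the event's headers object shown in Answer 1. This is an added example, not code from any of the answers; the API_KEYS store, the get_header and build_policy helpers, and the sample key value are assumptions made for illustration.

```python
import hmac

# Constructed sample credential store (assumption): API id -> expected key.
# A real deployment would load this from a secrets store, not source code.
API_KEYS = {"client-1": "s3cr3t-constructed-value"}


def get_header(event, name):
    """Case-insensitive lookup: HTTP header names are case-insensitive and
    arrive in whatever casing the client sent."""
    headers = event.get("headers") or {}
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def build_policy(principal_id, effect, method_arn):
    """Authorizer response: a principal plus an IAM policy for execute-api."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": method_arn,
            }],
        },
    }


def lambda_handler(event, context):
    method_arn = event["methodArn"]
    api_id = get_header(event, "X-API-ID")
    api_key = get_header(event, "X-API-KEY")
    expected = API_KEYS.get(api_id) if api_id else None
    # Deny by default; compare as bytes in constant time so a wrong key
    # does not leak how many leading characters matched.
    if expected and api_key and hmac.compare_digest(
            api_key.encode(), expected.encode()):
        return build_policy(api_id, "Allow", method_arn)
    return build_policy("anonymous", "Deny", method_arn)
```

Headers such as X-Forwarded-For in the event are supplied or influenced by the caller, so treat every header value as untrusted input when basing an authorization decision on it.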
Source: https://stackoverflow.com/questions/38596366/how-to-access-http-headers-in-custom-authorizer-aws-lambda-function