Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
3.8k views
in Technique by (71.8m points)

amazon web services - AWS lambda authorizer, Custom Context values in REST API

How could I retrieve the output of a custom authorizer in a Lambda integration? For example, let's assume below are my swagger file with AWS API Gateway integration, the Lambda authorizer output and the AwsProxyHttpServletRequest:

A question in SO here AWS API Gateway with Lambda Authorizer says it works, but not for me.

REST API

openapi: 3.0.0

info:
  title: Sample Event
  version: 1.0.0

# Enable request validator. See doc: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-validation-sample-api-swagger.html
x-amazon-apigateway-request-validators:
  all:
    validateRequestBody: true
    validateRequestParameters: true
x-amazon-apigateway-request-validator: all

x-amazon-apigateway-gateway-responses:
  # Provide more detailed error message for bad request body errors. See doc: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-gateway-responses.html
  BAD_REQUEST_BODY:
    responseTemplates:
      application/json: '{"errorCode": "BadRequestBody", "message": "$context.error.validationErrorString"}'
    responseParameters:
      gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
  DEFAULT_4XX:
    responseParameters:
      gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
  DEFAULT_5XX:
    responseParameters:
      gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
paths:
  /events:
    post:
      operationId: CreateEvent
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/CreateEventInput"
        required: true
      responses:
        "201":
          description: "Successfully Created an event."
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Event"
        "400":
          description: "Bad Request Exception"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BadRequestException"
        "401":
          description: "Unauthorized Exception"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/UnauthorizedException"
        "409":
          description: "Conflict Exception"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ConflictException"
        "429":
          description: "Too Many Requests Exception"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/TooManyRequestsException"
        "500":
          description: "Internal Server Error"
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/InternalServerErrorException"
      x-amazon-apigateway-integration:
        uri:
          Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${EventsApiLambda.Arn}:live/invocations
        httpMethod: POST
        type: aws_proxy
        requestParameters:
          integration.request.header.x-api-auth-user: "context.authorizer.x-api-auth-user"
          integration.request.header.x-api-auth-resource-uri: "context.authorizer.x-api-auth-resource-uri"
          integration.request.header.x-api-auth-type: "context.authorizer.x-api-auth-type"
          integration.request.header.x-api-auth-resource-id: "context.authorizer.x-api-auth-resource-id"
          integration.request.header.x-api-auth-resource-type: "context.authorizer.x-api-auth-resource-type"
          integration.request.header.x-api-auth-resource-permissions: "context.authorizer.x-api-auth-resource-permissions"
        passthroughBehavior: never
      security:
        - tokenAuthorizer: []

Lambda Authorizer Output (from API-Gateway-Execution-Logs-xxxx)

(023bd04b-e1c9-4980-ae14-xxxxx) Authorizer result body before parsing: 
{
    "principalId": "act-xxxxxxxxx",
    "policyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "execute-api:Invoke",
                "Effect": "Allow",
                "Resource": "arn:aws:execute-api:*:*:*"
            }
        ]
    },
    "context": {
        "x-api-auth-user": "act-xxxxxxx",
        "x-api-auth-type": "email",
        "x-api-auth-resource-id": "11eb2825-18cc-fb80-9d6c-xxxxx",
        "x-api-auth-resource-type": "cb:event",
        "x-api-auth-resource-permissions": "read,write"
    }
}

I can see the output from the authorizer reaching the API execution stage, but it is making it into neither the requestContext nor the multiValueHeaders.

API-Gateway-Execution-Logs_xxxx

(023bd04b-e1c9-4980-ae14-xxxx) Endpoint request headers: {X-Amz-Date=20210112T170314Z, x-amzn-apigateway-api-id=xxx, Accept=application/json, User-Agent=AmazonAPIGateway_xxxx, x-api-auth-type=email, Host=lambda.us-east-1.amazonaws.com, x-api-auth-resource-id=11eb2825-18cc-fb80-9d6c-xxxx, X-Amz-Content-Sha256=xxxxxx, X-Amzn-Trace-Id=Root=1-5ffdd64b-xxxxx;Parent=xxxx;Sampled=1, x-amzn-lambda-integration-tag=023bd04b-e1c9-4980-ae14-xxxxxx, Authorization=**********************282c30, X-Amz-Source-Arn=arn:aws:execute-api:us-east-1:38067 [TRUNCATED]

Lambda input

{
    "path": "/events",
    "isBase64Encoded": false,
    "requestContext": {
        "resourceId": "xxxxx",
        "apiId": "xxxxx",
        "resourcePath": "/events",
        "httpMethod": "POST",
        "requestId": "xxxxxx-15f9-4ca2-9a71-xxxxx",
        "extendedRequestId": "xxxxxx=",
        "accountId": "xxxx",
        "identity": {
            "userAgent": "PostmanRuntime/7.26.8",
            "sourceIp": "xxxxx"
        },
        "authorizer": {
            "principalId": "act-VNJQUexxxxx"
        },
        "stage": "v1",
        "path": "/event/events",
        "protocol": "HTTP/1.1",
        "requestTime": "12/Jan/2021:17:53:06 +0000",
        "requestTimeEpoch": xxx
    },
....[TRUNCATED]....
}

Do I need to explicitly specify the authorizer result to be in each path's header/body? Any idea?



1 Answer

0 votes
by (71.8m points)
Waiting for an expert to answer.

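A check for the symptom described in the question, as an added example that is not part of the original post: it compares the keys the authorizer emitted in its context with what a Lambda proxy event carries in requestContext.authorizer and in its headers, and flags mapped keys the authorizer never emitted. The function name and all sample values are constructed; the key names and mapping strings follow the question's swagger file and logs.

```python
# Added diagnostic example. All sample values are constructed placeholders.
HDR = "integration.request.header."
CTX = "context.authorizer."

def lower_keys(d):
    return {k.lower(): v for k, v in (d or {}).items()}

def check_authorizer_propagation(authorizer_output, lambda_event, request_parameters):
    """Report where authorizer context keys are lost on the way to the Lambda."""
    emitted = authorizer_output.get("context", {})
    in_ctx = lambda_event.get("requestContext", {}).get("authorizer", {})
    # HTTP header names are case-insensitive, so compare in lower case.
    headers = lower_keys(lambda_event.get("headers"))
    headers.update(lower_keys(lambda_event.get("multiValueHeaders")))
    # Parse "integration.request.header.<name>": "context.authorizer.<key>".
    mapped = {t[len(HDR):]: s[len(CTX):]
              for t, s in request_parameters.items()
              if t.startswith(HDR) and s.startswith(CTX)}
    return {
        "missing_in_request_context":
            sorted(k for k in emitted if k not in in_ctx),
        "missing_in_headers":
            sorted(h for h, k in mapped.items()
                   if k in emitted and h.lower() not in headers),
        "mapped_but_never_emitted":
            sorted(k for k in mapped.values() if k not in emitted),
    }

# Constructed authorizer result with the same context keys as the question's log.
AUTHORIZER_OUTPUT = {"principalId": "act-example", "context": {
    "x-api-auth-user": "act-example",
    "x-api-auth-type": "email",
    "x-api-auth-resource-id": "00000000-0000-0000-0000-000000000000",
    "x-api-auth-resource-type": "cb:event",
    "x-api-auth-resource-permissions": "read,write"}}

# The six mappings from the question's x-amazon-apigateway-integration block.
REQUEST_PARAMETERS = {HDR + k: CTX + k for k in (
    "x-api-auth-user", "x-api-auth-resource-uri", "x-api-auth-type",
    "x-api-auth-resource-id", "x-api-auth-resource-type",
    "x-api-auth-resource-permissions")}

# Constructed proxy event: only principalId under authorizer, two mapped headers.
LAMBDA_EVENT = {
    "headers": {"X-Api-Auth-Type": "email",
                "x-api-auth-resource-id": "00000000-0000-0000-0000-000000000000"},
    "requestContext": {"authorizer": {"principalId": "act-example"}}}

if __name__ == "__main__":
    print(check_authorizer_propagation(AUTHORIZER_OUTPUT, LAMBDA_EVENT, REQUEST_PARAMETERS))
```

Run against a real captured event and authorizer log entry, the third list shows mappings such as x-api-auth-resource-uri that point at a context key the authorizer does not return.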