This is now possible by using an Authoriser of type 'Request' instead of Token
Full details are here:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
Fundamentally, all headers are passed in the event object for a Request authorisation
ie headers object on event
"headers": {
"X-wibble": "111",
"X-wobble": "222",
"x-amzn-ssl-client-hello": "*Deleted*",
"Via": "1.1 .cloudfront.net (CloudFront)",
"CloudFront-Is-Desktop-Viewer": "true",
"CloudFront-Is-SmartTV-Viewer": "false",
"CloudFront-Forwarded-Proto": "https",
"X-Forwarded-For": "*Deleted*",
"CloudFront-Viewer-Country": "GB",
"Accept": "*/*",
"User-Agent": "curl/7.55.1",
"X-Amzn-Trace-Id": "Root=*Deleted*",
"Host": "*Deleted*.execute-api.eu-west-1.amazonaws.com",
"X-Forwarded-Proto": "https",
"X-Amz-Cf-Id": "*Deleted*",
"CloudFront-Is-Tablet-Viewer": "false",
"X-Forwarded-Port": "443",
"CloudFront-Is-Mobile-Viewer": "false"
}
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…