2

We want to use the AWS API Gateway as the central entry point to our application and let a custom authorizer validate the provided JWT.
Thereby we have several private claims that we would like to extract and then pass on to subsequent services (i.e. optimally the lambda function should return these extracted parameters and could then be mapped within the API gateway).

My question is now:
Is that possible? So far I only found auth policies that were made up of two objects: the principalId and the policyDocument.

Timothy
Christian

2 Answers

2

You can't pass back any additional data at the moment, but we have this on the backlog to do along with some other improvements to Lambda authorizers that I'm sure you will find useful. No ETA for those improvements at the moment.

Edit: additional context for the authorizer response has been released. Public docs are delayed, but see my answer here: https://stackoverflow.com/a/40644554/5679071

jackko
0

You can use authorizers now to do so. I guess what you mean is you have a payload to extract from the JWT. You can do so with Lambda Authorizer (or custom authorizer for API Gateway's version 1 (REST API)). You can return extra info in the authorizer's response's context. It will become the underlying lambda functions' event.requestContext.authorizer. More details in my post https://shaowang.hashnode.dev/aws-lambda-functions-with-lambda-authorizer if you want to copy things in event.requestContext.authorizer into event directly with a helper decorator. Happy to take questions.

Shao
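An added example, not code from either answer: a REST API TOKEN authorizer that validates the JWT and returns selected private claims in the response's context next to principalId and policyDocument. It assumes an HS256 shared key and the hypothetical claim names `tenant_id` and `role`, and uses a small standard-library verifier in place of a JWT library so that it runs offline.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"    # assumption: HS256 shared key, constructed for this example
PASSED_CLAIMS = ("tenant_id", "role")  # hypothetical private claim names

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_token(claims, secret=SECRET):
    """Build a constructed HS256 token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(claims)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()

def verify_hs256(token, secret=SECRET):
    """Return the claims of a valid, unexpired HS256 JWT or raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        alg = json.loads(b64url_decode(header_b64))["alg"]
        sig = b64url_decode(sig_b64)
    except Exception:
        raise ValueError("malformed token")
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if "sub" not in claims or claims.get("exp", 0) <= time.time():
        raise ValueError("expired or missing sub")
    return claims

def handler(event, context=None):
    """REST API TOKEN authorizer: event has authorizationToken and methodArn."""
    token = event.get("authorizationToken", "")
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    try:
        claims = verify_hs256(token)
    except ValueError:
        raise Exception("Unauthorized")  # API Gateway turns this message into a 401
    return {
        "principalId": str(claims["sub"]),
        "policyDocument": {"Version": "2012-10-17", "Statement": [
            {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": event["methodArn"]}]},
        # context values must be strings, numbers or booleans, so flatten each claim
        "context": {k: str(claims[k]) for k in PASSED_CLAIMS if k in claims},
    }
```

With a Lambda proxy integration the returned keys appear under event.requestContext.authorizer; in a mapping template they can be read as `$context.authorizer.tenant_id`. Only the allow-listed claims are forwarded, so the rest of the token payload does not leak to downstream services.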