Is it possible to pass a stage variables to a custom authorizer in AWS API Gateway?

Question

I'm currently developing an API using AWS API Gateway. I'm issuing a JSON Web Token (JWT) to my client. That JWT is signed using a secret. I'm currently storing the secret in stage variables.

I want to use a custom authorizer to validate the JWT's signature. However I can't seem to find a way of passing the stage variable containing my secret to my custom authorizer.

For the authorisation endpoint issuing the JWT, I've used Lambda Proxy Integration to pass the secret from the stage variable to my Lambda function. However there doesn't seem to be an equivalent feature for custom authorizers.

Answer 1

It's not currently possible to access stage variables from your custom authorizer function. However, we are considering this for future development.

I would urge against storing secrets in stage variables and opt for a secret management solution (such as KMS) instead. KMS can be easily called from within your custom authorizer function.

Answer 2

A little bit later :) but from current documentation it seems now it's possible to use stage variables.

Identity sources

You can optionally specify identity sources for a Lambda authorizer. Identity sources specify the location of data that's required to authorize a request. For example, you can specify header or query string values as identity sources. If you specify identity sources, clients must include them in the request. If the client's request doesn't include the identity sources, API Gateway doesn't invoke your Lambda authorizer, and the client receives a 401 error.

The following identity sources are supported:

• Header value $request.header.name
• Query string value $request.querystring.name
• Context variable $context.variableName
• Stage variable $stageVariables.variableName