I know AWS has added custom authorizers to support API Gateways (link: https://aws.amazon.com/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway/), but I have a basic question in the context of enabling OAuth on the APIs. I've so far been unable fo find anything concrete on it. The custom authorizer can help authorize the bearer tokens by calling a Lambda function, but who can issue these tokens and where might they be stored?
Usecase: Need to authorize AWS API Gateway APIs using 2/3 legged OAuth. The high level idea is:
- Users accesses a token endpoint and has to be authenticated against my company's IDM i.e. Ping Identity and then should be issued a authorization code/access token.
User then accesses the Resource endpoint (API) by passing the bearer/auth token.
Has anyone implemented something like this?
