3

I have an AWS Lambda function which needs to talk to an external API to validate the user using the bearer token passed in the API request header.

Now I want to store that token in a session, so that I don't call the external API every time the user sends a request again with that token.

So what is the best way to do this with AWS Lambda?

Thanks

vibhav bhavsar
  • I would start by reading the answers to these similar questions: https://stackoverflow.com/questions/48980066/storing-the-session-token-in-aws-lambda-function https://stackoverflow.com/questions/41668376/aws-lambda-serverless-website-session-maintaining https://stackoverflow.com/questions/47942665/aws-lambda-and-web-application-with-sessions-and-databases – Mark B Apr 28 '18 at 14:31

1 Answer

1

If this request is coming through API Gateway, you should look at using a Custom Authorizer. Rather than storing the token in a session, since Lambda APIs are meant to be stateless, you should validate the token in a Custom Authorizer using the necessary keys. The key(s) would typically be set in an environment variable so you can easily access them and validate the token.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

BryceH
  • Can I call an external API in a Custom Authorizer Lambda function? – vibhav bhavsar Apr 29 '18 at 10:52
  • Yes, but that would incur the same issues you’re seeing currently. What I was suggesting is that you use whatever cryptographic material (likely a public key) is used in the API endpoint to validate the token in the custom authorizer instead. I can provide more specifics if you tell me what signing algorithm is being used for the tokens. – BryceH Apr 30 '18 at 16:27
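
The local validation the answer describes, sketched as an added example that is not part of the original thread. It assumes the tokens are HS256-signed JWTs (the thread never states the algorithm; a public-key scheme would replace the HMAC comparison with signature verification) and that the key sits in a hypothetical `TOKEN_SIGNING_KEY` environment variable.

```python
import base64, hashlib, hmac, json, os, time

# Assumptions (not from the thread): HS256-signed JWTs, and a shared key
# stored in a hypothetical TOKEN_SIGNING_KEY environment variable.

def _b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def verify_token(token, key, now=None):
    """Return the claims if signature and expiry check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm; never let the token pick it (rejects alg=none).
        if header.get("alg") != "HS256":
            return None
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        # Constant-time comparison of the signature bytes.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        exp = claims.get("exp")
        # A token without a numeric, future expiry is treated as invalid.
        if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
            return None
        return claims
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token: fail closed

def handler(event, context):
    """Entry point for an API Gateway TOKEN-type Lambda authorizer."""
    key = os.environ["TOKEN_SIGNING_KEY"].encode()
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    claims = verify_token(token, key) if scheme.lower() == "bearer" else None
    return {
        "principalId": str(claims.get("sub", "user")) if claims else "anonymous",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": "Allow" if claims else "Deny",
                "Resource": event["methodArn"],
            }],
        },
    }
```

API Gateway can also cache the authorizer's result per token for a configurable TTL, so the function is not invoked on every request and no session store is needed. With caching enabled, the returned policy is reused for other methods called with the same token, so scope `Resource` accordingly.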