
Scenario: a user logs in using App ID via my app (Android). The app makes an API gateway call that invokes a function. The function needs the identity of the user (i.e. the claims of the identity token). The function is IAM enabled and the API is secured by App ID.

When invoked, the function params and environment variables do not include information about the authorized caller. Params to the action do include an authorization header, but when it is decoded it is the header to the function invocation, not the header from the API call. Environment variables do not include the information either.

I have this working on AWS but I have not been able to discover how it is done on the IBM Cloud. I suspect a parameter needs to be set on the action but I have not discovered the variable needed to do that. Is there a list of variables that can be used to set parameter values?

What I am expecting is a way to get the API gateway to forward headers (i.e. authorization) from the API call to the function invocation where I can extract the claims.

Robert
  • Could you add more details about the flow and what you are expecting? App ID is an authentication service for your solution (app), IAM is the one for IBM Cloud. You could unpack ID info from the App ID token and pass it to your function – data_henrik Jan 14 '21 at 16:24
  • Unpack ID info from the App ID token and pass it to the function is exactly what I want. I can't unpack in the app since that would allow someone to call the API while impersonating another user. I am using the API to perform authentication before the function is called, but the token isn't being forwarded through the API to the function. – Robert Jan 14 '21 at 17:02

1 Answer


Making the API request with the authorization header set to the user's identity token rather than the access token fixed it. The params received by the function included the identity token claims.

Robert