0

I have authorizer lambda that I want its identity source to be a cookie, how can I achieve this?

I want to point it to a specific cookie because I don't want to pass the authorization token in a header because that means I'll have to allow my client to have programmatic access to the token which is not secure at all, and I prefer to use secure httpOnly cookies for such tokens.

123
  • 127
  • 3
  • 18
  • You can set the identity source is `Cookie` header and parse cookie value yourself. – hoangdv Jul 29 '23 at 03:01
  • @hoangdv How can I parse the cookie value so a specific cookie would be the identity source though? If I set the identity source to a cookie like this: `$request.header.Cookie` it would not work as expected and any cookie change (even change to cookie that is not the auth cookie) would cause the authorizer to run again instead of getting the value from cache.. – 123 Jul 29 '23 at 06:43

0 Answers0