Stack Overflow
Stack Overflow

Questions tagged [lambda-authorizer]

119 questions
8
votes
2 answers

Custom response Lambda Authorizer for 401

Calling the Lambda callback function from a Lambda Authorizer with the string Unauthorized in the error parameter returns a 401 response with the body: { "message": "Unauthorized" } Trying to use any other string in the response results in the…
Simian
  • 814
  • 11
  • 21
6
votes
2 answers

API Gateway Authorizer - IAM policy not caching

I am trying to cache the IAM policy returned by the authorizer lambda when it validates the JWT token for the first time. I have enabled and set the authorizerResultTtlInSeconds to 3500 seconds in API Gateway Authorizer. However, I still see a…
nehacharya
  • 925
  • 1
  • 11
  • 31
5
votes
2 answers

How to secure an HTTP based API Gateway in AWS

There are two versions of the AWS API Gateway: REST version HTTP version (v2) I am using the newer HTTP version with a lambda authorizer and would like to protect my staging/test environments from outside requests. One idea is to put a WAF in…
Jay Prall
  • 5,295
  • 5
  • 49
  • 79
5
votes
2 answers

AWS authorizer returns 500, message: null, with AuthorizerConfigurationException error in response

I've spent the better part of today trying to make authorizers work, I've checked multiple examples and they all seem to be doing the same thing my code does. I use serverless framework here's the authorization code: exports.handler = function…
NikVogri
  • 81
  • 1
  • 6
5
votes
1 answer

Custom request-based lambda authorizer for AWS API Gateway is not triggered for API innovations

Have created a simple basic request-based authorizer for my AWS API Gateway following documentation (https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html) While testing the Authorizer (with dummy setup…
Kumar Vivek
  • 351
  • 7
  • 30
5
votes
1 answer

Use ApiGateway Authorizer to Validate Github Payload Signature (X-Hub-Signature)

I am currently working on a simple api to receive Github event payloads, and I want to validate that they are coming from the correct source. With this I am working to use the hmac signature in the requests header (generated by github using a secret…
Tyler Filko
  • 98
  • 7
4
votes
1 answer

How to bypass authorization in internal lambda call

I've implemented two lambda's (let's call A and B) behind api gateway. Assume A is called from "outside" and B is being called from outside and also from A. I've also implemented lambda Authorizer (token-based; cognito) as auth layer. Everything is…
tal.f
  • 73
  • 5
4
votes
1 answer

AWS API Gateway with Lambda Authorizer

I am trying to configure an API Gateway which takes a proxy parameter from the request path, and also a parameter from the Lambda authorizer return and put it in the header, so that it can be passed to my Elastic Beanstalk REST API running Spring…
Tracy Xia
  • 371
  • 9
  • 22
4
votes
1 answer

AWS Custom Authorizer times out

I have serverless lambda function (AWS) that creates an express server using serverless-http. The Custom Authorizer i use to authenticate requests times out after running successfully. below is the policy returned as per CloudWatch…
hanan hamza
  • 460
  • 4
  • 13
4
votes
2 answers

How to create a lambda permission for a custom websocket request authorizer with CloudFormation for API Gateway?

I've been trying to create a lambda permission for a websockets request authorizer for API Gateway and the $connect route. The AWS documenation mentions nothing about creating the proper lambda permission for a websocket authorizer. I keep getting a…
Thomas Jaeger
  • 923
  • 1
  • 9
  • 27
4
votes
2 answers

Return bad request response at lambda authorizer. Is it possible?

I'm trying to understand the authorizers in AWS Api Gateway. As I understand, if exception in the logic takes place in authorizer, then we would definitely get 401 with a message unauthorized. Is it possible to return bad request response, or…
Rostislav V
  • 1,706
  • 1
  • 19
  • 31
4
votes
1 answer

How can I use permissions generated in AWS Custom Authorizer in my lambda code?

I'd like to generate a custom policy that provides fine grained access to DynamoDB tables inside an AWS custom authorizer. Is this possible? In serverless, my configuration looks like this: functions: APIAuthorizer: handler:…
Aneil Mallavarapu
  • 3,485
  • 5
  • 37
  • 41
3
votes
0 answers

AWS API Gateway: multiple authentication methods for an endpoint

Is it possible to have multiple authentication methods for an endpoint under AWS API Gateway. For example, I want to let user able to be authenticated thru one of the following methods: JWT token AWS API Keys
user1187968
  • 7,154
  • 16
  • 81
  • 152
3
votes
1 answer

500 error when caching AWS Lambda Authenticator response

I'm using serverless stack, now attempting to add a Lambda Custom Authenticator to validate authorization tokens with Auth0 and add custom data to my request context when the authentication passes. Everything works mostly fine at this point, except…
Phillippe Santana
  • 2,906
  • 2
  • 28
  • 29
3
votes
2 answers

How to deploy an API Gateway custom authorizer without identity sources using serverless?

I'm trying to create a custom lambda authorizer in API Gateway using the serverless framework. The clients of my service may send either 'Authorization' or 'X-Custom' header (but not both). So what I need is a custom authorizer without an identity…
andres.enix
  • 73
  • 1
  • 8
1
2 3 4 5 6 7 8