Config API Authorizer

Amazon API Gateway can use AWS Lambda functions to make authorization decisions. This lets you customize the business logic behind each decision.

API Gateway supports two types of custom authorizers:

  1. Token authorizers
  2. Request authorizers

You can use Token authorizers when your authorization decision is purely based on the client’s bearer token. Request authorizers give your Lambda function access to all of the request information except for the body.

API Gateway can also receive context information from the custom authorizer and pass it to the backend service.

  • In our application, the custom authorizer includes the unicorn property in the request context if the UnicornManager scope is present in the token.
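The following Python handler is an added example, not the workshop's ListUnicornAuthorizer code: it shows a Token authorizer that returns an allow policy and sets the unicorn context property only when the UnicornManager scope is present. To run offline it verifies HS256 tokens with a constructed demo key (a swapped-in technique; a deployed authorizer would check the token against its identity provider's signing keys). The space-delimited scope claim, the "true" value and all helper names are assumptions.

```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"  # assumption: HS256 shared key, offline demo only
REQUIRED_SCOPE = "UnicornManager"   # scope name taken from the page

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_demo_token(claims, key=DEMO_KEY):
    """Build a constructed HS256 token so the handler can be exercised offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(f'{head}.{body}', key))}"

def verify_token(token, key=DEMO_KEY):
    """Return the claims dict, or raise ValueError for any unacceptable token."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token's own header choose it.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(_sign(f"{head}.{body}", key), _b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_b64d(body))
        if claims["exp"] <= time.time():
            raise ValueError("expired")
        return claims
    except (TypeError, AttributeError, KeyError) as err:
        raise ValueError("malformed token") from err

def handler(event, context=None):
    """Lambda entry point for a Token authorizer (event: authorizationToken, methodArn)."""
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    try:
        claims = verify_token(token if scheme.lower() == "bearer" else "")
    except ValueError:
        raise Exception("Unauthorized")  # API Gateway answers with 401
    statement = {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": event["methodArn"]}
    scope = claims.get("scope")
    scopes = scope.split() if isinstance(scope, str) else []
    # Exact match per scope entry; a substring test would accept "NotUnicornManager".
    ctx = {"unicorn": "true"} if REQUIRED_SCOPE in scopes else {}  # value is assumed
    return {"principalId": str(claims.get("sub", "unknown")),
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
            "context": ctx}
```

Context values returned to API Gateway must be strings, numbers or booleans, which is why the property is a flat string rather than a nested object.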

Step 1: Go to AWS API Gateway

Step 2: Open the WildRydes API in the left menu and select the Authorizer page

Step 3: Click the Create New Authorizer button at the top of the page

Step 4: Enter ListUnicornAuthorizer as the Name and Lambda as the Type

Step 5: Using the Lambda Function field, select your region and enter the ListUnicornAuthorizer Lambda function name

Step 6: Leave the Lambda Invoke Role field blank

Configured this way, the API Gateway console automatically sets the permissions on the Lambda function to allow the invocation. The console will ask you to confirm this action when you save the new authorizer settings.

Step 7: Select Token as the Lambda Event Payload and enter Authorization as the Token Source

Step 8: Leave the default values in the Authorization Caching settings and click Create

Step 9: The API Gateway console asks you to confirm the new permissions on the Lambda function. Click Grant & Create