使用自定义授权者上下文在AWS API网关上添加标头不起作用

Question

I've set up an API with a single method on AWS API gateway to an HTTP service using a VPC link.

I've also set up a TOKEN custom authorizer for that API method using Lambda.

The custom authorizer is based on the AWS Node.js custom authorizer blueprint, where I'm basically allowing all methods through and returning a 'context' section along with an IAM.

{
  "principalId": "user|a1b2c3d4",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": [
          "arn:aws:execute-api:[region]:[account_id]:[restApiId]/[stage]/*/*"
        ]
      }
    ]
  },
  "context": {
    "key": "new-token",
    "number": 1,
    "bool": true
  }
}

That's the result from the Lambda when I test it, both on the Lambda test console and one the API gateway custom authorizer console.

Finally, I mapped the Authorization header to 'context.authorizer.key' in the Integration Request section.

Now, when I execute the request, I expect that the Authorization header would be populated with the value from the 'context' section of the authorizer's response, but it's never populated.

What am I doing wrong?

Answer 1

It turns out that my setup was correct all along.

I was testing using the AWS API Gateway testing tool (using the TEST button in one of the screenshots), but that tool does not really allow you to test this out end-to-end. I ended up deploying my stage, and then testing it using Postman. Then it started working. Weird.