堆栈内存溢出
  简体   繁体   English

未调用 AWS API 网关自定义授权方

[英]AWS API Gateway Custom Authorizer not invoked

 原文  2018-09-28 06:26:38       amazon-web-services/ aws-lambda/ aws-api-gateway

问题描述

To start off with, i am pretty new to AWS.首先,我是 AWS 的新手。 Started with pretty basic API Gateway + Lambda integration.从非常基本的 API 网关 + Lambda 集成开始。 Below are my use cases.以下是我的用例。

  1. Created a Lambda proxy Integration request with API Gateway, GET request which outputs the addition of 2 numbers passed through query parameters.使用 API 网关创建了 Lambda 代理集成请求,GET 请求输出通过查询参数传递的 2 个数字的加法。 Now if i access this API Gateway endpoint I am getting the desired result.现在,如果我访问此 API 网关端点,我将获得所需的结果。

  2. Now I have created custom authorizer, which is in turn a call to another lambda. So a request will be validated by authorizer lambda prior hitting API Gateway endpoint.现在我已经创建了自定义授权方,这又是对另一个 lambda 的调用。因此,请求将在命中 API 网关端点之前由授权方 lambda 验证。 In this case authorizer is not invoked at all.在这种情况下,授权者根本不会被调用。

I have enabled Cloudwatch logs for API gateway & lambda, so below are issues i am facing,我已经为 API 网关和 lambda 启用了 Cloudwatch 日志,下面是我面临的问题,

  1. Cloudwatch logs to API Gateway end point does not show the call to custom authorizer lambda. Cloudwatch 记录到 API 网关端点未显示对自定义授权方 lambda 的调用。

  2. Logs to end point lambda is seen correctly in lambda group, but unable to see the same for authorizer lambda.在 lambda 组中可以正确看到到端点 lambda 的日志,但无法看到授权方 lambda 的相同内容。

I have followed the below AWS documentation nothing seems to help.我遵循了以下 AWS 文档似乎没有任何帮助。

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-lambda.html https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-lambda.html

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

Below is the API Gateway config.下面是 API 网关配置。 The authorizer configured is having a header token called 'Authorization', consumer of the API should provide the Authorization token while calling the endpoint, which is supposed to validated by Authorizer.配置的授权方有一个名为“授权”的 header 令牌,API 的消费者应在调用端点时提供授权令牌,该令牌应由授权方验证。

在此处输入图像描述

API Gateway Logs - Lambda configured was called directly without invoking Authorizer. API 网关日志 - Lambda 配置被直接调用而不调用授权程序。

在此处输入图像描述

3 个解决方案

解决方案1
 6  2019-04-08 17:04:29

As mentioned by @Anup in the comments, you probably need to re-deploy the stage for the changes to take effect.正如@Anup 在评论中所提到的,您可能需要重新部署阶段才能使更改生效。

In my case I setup everything in terraform and couldn't figure out why the custom authenticater wasn't being called.就我而言,我在 terraform 中设置了所有内容,但无法弄清楚为什么没有调用自定义身份验证器。

After adding variables to the deployment to trigger a redeployment, the custom authenticater was properly called as expected.在向部署添加变量以触发重新部署后,自定义身份验证器按预期正确调用。

解决方案2
 1  2021-01-13 16:11:08

Make sure your lambda and gateway authorizer are correctly configured.确保您的 lambda 和网关授权方配置正确。 A couple suggestions:几个建议:

  • Verify if your lambda has the API gateway trigger.验证您的 lambda 是否具有 API 网关触发器。 The trigger is created automatically when you assign your authorizer to a valid lambda function in the API gateway authorizer settings.当您将授权方分配给 API 网关授权方设置中的有效 lambda 函数时,会自动创建触发器。

  • Verify if your lambda has a valid handler.验证您的 lambda 是否具有有效的处理程序。 The current assigned handler can be seen in your lambda's configuration page.当前分配的处理程序可以在 lambda 的配置页面中看到。

  • Make sure the Method Request Authorization of your resource is set to the correct authorizer确保您的资源的Method Request Authorization设置为正确的授权人

  • Deploy the gateway to guarantee the current API stage is using the displayed settings.部署网关以保证当前 API 阶段正在使用显示的设置。

Even if your authorizer code doesn't work properly you should at least see an execution log in CloudWatch.即使您的授权方代码无法正常工作,您也至少应该在 CloudWatch 中看到执行日志。

解决方案3
 0  2022-02-20 12:12:08

Just managed to solve the same problem.刚刚设法解决了同样的问题。 The request invoke authorizer sometimes but sometimes not.请求有时会调用授权方,但有时不会。

When you create a custom authorizer, it automatically turns on the authorization caching.当您创建自定义授权方时,它会自动打开授权缓存。 The default TTL is 300s.默认 TTL 为 300 秒。

https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS API网关自定义授权程序 - AWS API gateway Custom Authorizer AWS API Gateway自定义授权者角色验证 - AWS API Gateway Custom Authorizer Role Validation AWS API Gateway 自定义授权方日志 - AWS API Gateway Custom Authorizer log AWS API Gateway/Lambda 自定义授权方中的 AuthorizerConfigurationException - AuthorizerConfigurationException in AWS API Gateway / Lambda custom authorizer AWS API网关自定义授权程序AuthorizerConfigurationException - AWS API Gateway Custom Authorizer AuthorizerConfigurationException AWS API Gateway自定义授权者意外超时 - AWS API Gateway custom authorizer unexpected timeout AWS API Gateway 自定义授权方 lambda - AWS API Gateway Custom Authorizer lambda AWS API 网关自定义授权器 lambda 未触发 - AWS API Gateway Custom Authorizer lambda is not triggering 自定义授权方的 AWS API 网关 403 错误 - AWS API gateway 403 error for Custom Authorizer AWS Api Gateway自定义授权者通过路径参数进行监管 - AWS Api Gateway custom authorizer polices with Path Params
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM