堆栈内存溢出
  简体   繁体   English

在API网关中传递OAUTH2.0访问令牌获取请求

[英]Passing OAUTH2.0 access token in API gateway get request

 原文  2019-07-18 17:27:39       amazon-web-services/ aws-api-gateway

问题描述

I have an AWS API gateway setup right now and I am able to hit my endpoint successfully with a GET request. 我现在有一个AWS API网关设置,并且能够通过GET请求成功命中我的终端节点。 I am not able to retrieve any information from the endpoint because I am not sure how to pass the required OAUTH2.0 access token to the enpoint for authorization. 我无法从端点检索任何信息,因为我不确定如何将所需的OAUTH2.0访问令牌传递给授权点。 I looked through aws documentation but could not find what I am looking for. 我浏览了aws文档,但找不到我想要的东西。 Any help would be appreciated, thanks. 任何帮助,将不胜感激,谢谢。

1 个解决方案

解决方案1
 0  2019-07-18 21:49:42

There are two options you can go for: 您可以选择两个选项:

  1. Handling authentication on your endpoint (which I understand from your question is what you want to do): for this to work, see the following SO answer [1] which describes how to trap the Authorization header. 在端点上处理身份验证(我从您的问题中了解到您要执行的操作):要使其正常工作,请参见以下SO解答[1],其中描述了如何捕获Authorization标头。

  2. Handling authentication on the Gateway itself using API Gateway Lambda Authorizers : read the AWS documentation which describes the authorization workflow . 使用API Gateway Lambda Authorizers在Gateway本身上处理身份验证:阅读描述授权工作流程的AWS文档。 [2] If there is no reason why you have to handle authorization on your endpoint, I would outsource it to Lambda authorizers. [2]如果没有理由必须在端点上处理授权,我会将其外包给Lambda授权者。

For the big picture see [3]. 有关大图,请参见[3]。 Moreover, you can integrate Cognito if you want to further outsource user management / security to AWS services. 此外,如果您想进一步将用户管理/安全性外包给AWS服务,则可以集成Cognito。 [4] [4]

References 参考文献

[1] https://stackoverflow.com/a/31375476/10473469 [1] https://stackoverflow.com/a/31375476/10473469
[2] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html [2] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
[3] https://medium.com/@chrisconcannon/nodejs-lambda-authorizer-for-json-web-tokens-334fbd6d3228 [3] https://medium.com/@chrisconcannon/nodejs-lambda-authorizer-for-json-web-tokens-334fbd6d3228
[4] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html [4] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 oauth2.0 授权代码授权流程中获取新的刷新令牌 - Get new refresh token in oauth2.0 authorization code grant flow OAuth 2.0 + Lambda + API网关 - OAuth 2.0 + Lambda + API Gateway 如何在没有应用程序客户端密钥的情况下使用 Cognito OAuth 2.0 对 API 网关请求进行身份验证? - How can I use Cognito OAuth 2.0 to authenticate a API Gateway request without having an app client secret? Cognito - 没有为 OAuth2.0 流启用客户端 - Cognito - Client is not enabled for OAuth2.0 flows 如何从 Electron JS 中的 Cognito OAuth2.0 动态获取 AccessToken - How to Get AccessToken Dynamically from Cognito OAuth2.0 in Electron JS 从 API 网关通过端点获取 OAuth 令牌 - Acquiring an OAuth token from API Gateway pass through endpoint 是否可以使用AWS Lambda来请求oauth 2.0令牌? - Is it possible to use AWS Lambda to request an oauth 2.0 token? API 网关授权方接受 ID_token 但不接受 Access_Token - API Gateway Authorizer Accepts ID_token But Not Access_Token 向AWS API Gateway访问的POST请求 - POST request to AWS API Gateway access 如何在AWS Lambda中验证Cognito访问令牌以允许网关API调用? - How to get validate Cognito Access Token in AWS Lambda to allow Gateway API call?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM