
Passing OAUTH2.0 access token in API gateway get request

I have an AWS API gateway setup right now and I am able to hit my endpoint successfully with a GET request. I am not able to retrieve any information from the endpoint because I am not sure how to pass the required OAUTH2.0 access token to the endpoint for authorization. I looked through the AWS documentation but could not find what I am looking for. Any help would be appreciated, thanks.

There are two options you can go for:

  1. Handling authentication on your endpoint (which I understand from your question is what you want to do): for this to work, see the following SO answer [1] which describes how to trap the Authorization header.

  2. Handling authentication on the Gateway itself using API Gateway Lambda Authorizers: read the AWS documentation which describes the authorization workflow. [2] If there is no reason why you have to handle authorization on your endpoint, I would outsource it to Lambda authorizers.

For the big picture see [3]. Moreover, you can integrate Cognito if you want to further outsource user management / security to AWS services. [4]

References

[1] https://stackoverflow.com/a/31375476/10473469
[2] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
[3] https://medium.com/@chrisconcannon/nodejs-lambda-authorizer-for-json-web-tokens-334fbd6d3228
[4] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
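
Added example (not part of the original answer or of the AWS documentation): option 2 as a Python TOKEN-type Lambda authorizer. The client sends the access token in the `Authorization: Bearer <token>` request header, API Gateway hands that header value to the function as `authorizationToken`, and the function returns an IAM policy for `methodArn`. It assumes the access token is an HS256-signed JWT and uses a constructed placeholder secret; the names `verify_token`, `policy` and `SECRET` are illustrative.

```python
import base64, hashlib, hmac, json, time

# Assumption: access tokens are HS256-signed JWTs. This secret is a constructed
# placeholder; load the real key from a secrets store, never from source code.
SECRET = b"constructed-demo-secret"

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def verify_token(token, now=None):
    """Return the claims of a valid, unexpired HS256 JWT, or None to reject."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm on the server side; the token must not choose it.
        if header.get("alg") != "HS256":
            return None
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
        # Constant-time comparison of the signature bytes.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        # A missing or past "exp" claim is treated as expired.
        if claims.get("exp", 0) <= (time.time() if now is None else now):
            return None
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: reject, do not crash

def policy(principal, effect, method_arn):
    """Build the authorizer response API Gateway expects."""
    statement = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
    return {
        "principalId": principal,
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
    }

def handler(event, context):
    """TOKEN authorizer entry point; event carries authorizationToken and methodArn."""
    scheme, _, token = (event.get("authorizationToken") or "").partition(" ")
    claims = verify_token(token) if scheme.lower() == "bearer" else None
    if claims is None:
        raise Exception("Unauthorized")  # API Gateway answers the client with 401
    return policy(claims.get("sub", "unknown"), "Allow", event["methodArn"])
```

Opaque (non-JWT) access tokens or asymmetrically signed tokens need a different `verify_token`, for example a call to the authorization server's introspection endpoint or a public-key signature check.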
