Newbie question: I am working on an AWS-based REST API. I want to add authentication; one option is that the client passes a bearer token. How can I read this in my application during authentication?
I have set up an API Gateway and a Lambda backend. How can I read and validate this token, which I assume is passed in the header, in my code?
Authorization: Bearer <token>
I have set up an API in AWS using API Gateway and a Lambda. I use Postman to POST a request to my service and get a 200 response back. The Lambda is based on the AWS basic setup, sample below:

    def lambda_handler(event, context):
        # Minimal proxy-integration response: status code plus body
        return {
            'statusCode': 200,
            'body': 'Hello World!'
        }
You have three options:

1. Create a proxy integration for your Lambda. This way, your Lambda is responsible for handling the HTTP conversation. Your headers will be available in event.headers, which is a dictionary of all your request headers and their values.
This is the easiest one to begin with. Whenever you see Lambdas that return HTTP status codes in the response (like in your example), they assume this kind of integration.

2. Create a custom integration for your Lambda and set up a request mapping template. In the mapping template, you will be able to extract the header and put its value into a property of a strongly typed JSON.
This allows you to develop Lambdas where the business logic is separated from HTTP implementation details.

3. (Cleanest.) Implement a Lambda authorizer. This is another Lambda, which is called every time a request comes in. The authorizer responds with allow/deny, and if it's allow, then your business-logic Lambda is called.
This allows separating processing logic from authorization logic.

If you're using AWS Cognito user pools for authorization, you can just set it up as an authorizer for your endpoint, and it will handle the rest.
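Added example (not part of the answer above, and not AWS sample code) showing options 1 and 3 in Python: a proxy-integration handler that reads `Authorization: Bearer <token>` from `event['headers']` with a case-insensitive lookup, and a TOKEN-type Lambda authorizer that returns the IAM policy API Gateway expects. The `VALID_TOKENS` set is a constructed placeholder standing in for real verification (a JWT signature and expiry check, for instance); the sample events are likewise constructed to match the shape API Gateway sends.

```python
import hmac
import json

# Constructed placeholder. In a real deployment the token would be verified
# against its issuer (signature, expiry, audience), not compared to a list.
VALID_TOKENS = {"example-token-123"}


def get_header(headers, name):
    """Case-insensitive header lookup.

    REST API proxy integrations forward header names as the client sent them,
    HTTP APIs lowercase them, so never depend on a fixed casing.
    """
    if not headers:
        return None
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def parse_bearer_token(headers):
    """Return the token from 'Authorization: Bearer <token>', else None.

    Other schemes (Basic, Digest, ...) and an empty token are rejected.
    """
    value = get_header(headers, "Authorization")
    if value is None:
        return None
    parts = value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    token = parts[1].strip()
    return token or None


def is_valid_token(token):
    """Constant-time comparison against the placeholder token set."""
    return any(
        hmac.compare_digest(token.encode(), known.encode()) for known in VALID_TOKENS
    )


def lambda_handler(event, context):
    """Option 1: proxy integration, the Lambda checks the header itself."""
    token = parse_bearer_token(event.get("headers"))
    if token is None or not is_valid_token(token):
        return {
            "statusCode": 401,
            "headers": {"WWW-Authenticate": "Bearer"},
            "body": json.dumps({"message": "Unauthorized"}),
        }
    return {"statusCode": 200, "body": "Hello World!"}


def authorizer_handler(event, context):
    """Option 3: TOKEN-type Lambda authorizer for a REST API.

    API Gateway passes the raw Authorization header value as
    event['authorizationToken'] and the called method as event['methodArn'].
    The returned policy decides whether the business-logic Lambda runs.
    """
    token = parse_bearer_token({"Authorization": event.get("authorizationToken", "")})
    effect = "Allow" if token is not None and is_valid_token(token) else "Deny"
    return {
        "principalId": "user" if effect == "Allow" else "anonymous",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "execute-api:Invoke",
                    "Effect": effect,
                    "Resource": event["methodArn"],
                }
            ],
        },
    }


if __name__ == "__main__":
    # Constructed sample events shaped like the ones API Gateway sends.
    good = {"headers": {"authorization": "Bearer example-token-123"}}
    bad = {"headers": {"Authorization": "Basic dXNlcjpwYXNz"}}
    print(lambda_handler(good, None)["statusCode"])  # 200
    print(lambda_handler(bad, None)["statusCode"])   # 401
```

With the authorizer, a `Deny` policy makes API Gateway answer 403 on the caller's behalf; if you would rather return 401 for a missing or malformed token, raise `Exception("Unauthorized")` from the authorizer instead of returning a policy, which API Gateway maps to 401. Either way the business-logic Lambda never sees the request.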