10
votes

From API Gateway, I created a custom authorizer for my API using a Lambda function in Python. API Gateway hands over the incoming auth token using a header I configure (method.request.header.Authorization). However, I also need the other headers of the original HTTP request inside my Lambda function. How do I access them? I did not see the headers on the event object input to my Lambda function.

Note that this is not a duplicate of How to access HTTP headers for request to AWS API Gateway using Lambda?. This question is about a custom authorizer Lambda function. I do not see any configuration option to pass the incoming HTTP headers to the authorizer Lambda function.

As per the AWS documentation, API Gateway calls the custom authorizer with the input below. Based on the below, I assume my ask is not possible, but I want to check if there is a workaround.


    {
        "type":"TOKEN",
        "authorizationToken":"",
        "methodArn":"arn:aws:execute-api:<regionId>:<accountId>:<apiId>/<stage>/<method>/<resourcePath>"
    }

3
Not possible. Why do you need more than one header? Workaround: Handle authentication / authorization yourself in the Lambda function of your integration. - hellomichibye

3 Answers

5
votes

This is now possible by using an Authoriser of type 'Request' instead of Token

Full details are here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

Fundamentally, all headers are passed in the event object for a Request authorisation

i.e. the headers object on the event:


    "headers": {
        "X-wibble": "111",
        "X-wobble": "222",
        "x-amzn-ssl-client-hello": "*Deleted*",
        "Via": "1.1 .cloudfront.net (CloudFront)",
        "CloudFront-Is-Desktop-Viewer": "true",
        "CloudFront-Is-SmartTV-Viewer": "false",
        "CloudFront-Forwarded-Proto": "https",
        "X-Forwarded-For": "*Deleted*",
        "CloudFront-Viewer-Country": "GB",
        "Accept": "*/*",
        "User-Agent": "curl/7.55.1",
        "X-Amzn-Trace-Id": "Root=*Deleted*",
        "Host": "*Deleted*.execute-api.eu-west-1.amazonaws.com",
        "X-Forwarded-Proto": "https",
        "X-Amz-Cf-Id": "*Deleted*",
        "CloudFront-Is-Tablet-Viewer": "false",
        "X-Forwarded-Port": "443",
        "CloudFront-Is-Mobile-Viewer": "false"
    }

0
votes

Here is a SAM template:

    ApiGatewayApi:
      Type: AWS::Serverless::Api
      Properties:
        StageName: Prod
        Auth:
          Authorizers:
            MyAuthorizer:
              FunctionPayloadType: REQUEST
              FunctionArn: !GetAtt AuthLambda.Arn
              Identity:
                Headers:
                  - X-API-KEY
                  - X-API-ID
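
A REQUEST-type authorizer handler in Python that reads the two identity headers named in the SAM template above, as an added example that is not part of the original answers. The client table, the sample event and its ARN are constructed, and looking up the expected key by X-API-ID is an assumption.

```python
import hmac

# Header names come from the SAM template above; the client table is
# constructed sample data (assumption: real keys live in a secret store).
CONSTRUCTED_CLIENTS = {"client-42": "constructed-sample-key"}


def normalized_headers(event):
    """Header names are case-insensitive, so compare them lower-cased."""
    return {k.lower(): v for k, v in (event.get("headers") or {}).items()}


def build_policy(principal_id, effect, method_arn):
    """Authorizer response: a principal plus an IAM policy for this method."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": method_arn,
            }],
        },
    }


def lambda_handler(event, context):
    headers = normalized_headers(event)
    api_id = headers.get("x-api-id") or ""
    api_key = headers.get("x-api-key") or ""
    expected = CONSTRUCTED_CLIENTS.get(api_id)
    # Deny by default: unknown id, missing header, or key mismatch.
    # compare_digest avoids leaking the key through comparison timing.
    authorized = expected is not None and hmac.compare_digest(
        api_key.encode(), expected.encode())
    if not authorized:
        # Do not echo a caller-supplied id as the principal on denial.
        return build_policy("anonymous", "Deny", event["methodArn"])
    return build_policy(api_id, "Allow", event["methodArn"])


# Constructed REQUEST-type event (same shape as the headers object above).
SAMPLE_EVENT = {
    "type": "REQUEST",
    "methodArn": "arn:aws:execute-api:eu-west-1:123456789012:abc123/Prod/GET/items",
    "headers": {"X-Api-Key": "constructed-sample-key", "x-api-id": "client-42"},
}
```
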
0
votes

There are several ways to do it.

  1. You can define a SAM template (API Gateway) and, under headers, you can define multiple headers and retrieve them in the application.

  2. In the request, you can get multiple custom headers:

    "headers": {
      "Access-Control-Allow-Origin": {
        "type": "string",
        "description": "URI that may access the resource"
      },
      "Access-Control-Allow-Methods": {
        "type": "string",
        "description": "Method or methods allowed when accessing the resource"
      },
      "Access-Control-Allow-Headers": {
        "type": "string",
        "description": "Used in response to a preflight request to indicate which HTTP headers can be used when making the request."
      }
    }
    

following link will help