9
votes

I am using custom authentication (with a custom authorizer) for accessing AWS Lambda. The authorization process works fine, but I have a problem transmitting data (e.g. principalId) between the authorizer lambda and the business lambda. All my lambdas are developed in JS. As explained in the AWS doc, in the authorizer lambda I add a few simple fields (principalId in the code below) to the context field of the auth response. But in my business lambda, I am not able to get these fields. The AWS documentation talks about a $context variable.

First, could you explain to me whether the $context variable is another variable or the same variable as the context variable received as a parameter of the JS function?

Second, could you explain to me how to get, in my business lambda, the data field (e.g. principalId) provided by the authorizer?

Seb

4
To clarify the answer, it is not available in the context variable in the JS function. It is in the event. The event is just a JSON map matching either your mapping template, or a default format for the 'proxy' integration.

jackko

4 Answers

5
votes

The policy document of the authorizer can be enriched with a context where you can put your custom data. That data will be provided to the business lambda via the event.

Here is an example of a policy document:

// effect, resource and sub are set earlier in the authorizer's own logic
const policy = {
    context: {
        customKey: 'payload data',
    },
    policyDocument: {
        Statement: [{
            Action: 'execute-api:Invoke',
            Effect: effect,
            Resource: resource,
        }],
        Version: '2012-10-17',
    },
    principalId: sub,
};

The context contains a "customKey" with payload data as a string.

The mapping template for your API then should look like this:

{
  "customKey": "$context.authorizer.customKey"
}

Finally in your business lambda you can access the value of your customKey via the event:

exports.handler = async (event, context) => {
    // customKey arrives in the event, as built by the mapping template
    console.log(event.customKey);

    // ...
};

This should log "payload data" according to my example.

Notice that you cannot set a JSON object or array as a valid value of any key in the context map, according to the documentation.

3
votes

I guess the $context variable you are referring to is the one available in the API Gateway mapping template. It is not equivalent to the context parameter of the business Lambda.

However, using the mapping template and its $context variable, you can build the event parameter of the business Lambda.

If the mapping template of your API endpoint looks like this:

{
  "principalId" : "$context.authorizer.principalId"
}

You should retrieve the principalId in the Lambda's event parameter.

Using the passthrough option, principalId should be available in event.context['authorizer-principal-id']. This is the default behavior when you create an endpoint.


References about mapping templates in the doc:
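Added example, not code from any of the posts on this page: an authorizer response builder that enforces the context-value restriction noted in the first answer, and a business-Lambda helper that reads the authorizer data from each event shape mentioned above (proxy integration, default passthrough template, custom mapping template) and fails closed when none is present. The function names and sample values are hypothetical; the `event.requestContext.authorizer` location for the proxy integration is not stated on the page and is taken from API Gateway's REST API proxy event format.

```javascript
// Added example; function names are hypothetical, not from the original posts.

// Authorizer side: build the response and reject context values that
// API Gateway does not accept (objects, arrays, null).
function buildAuthResponse(principalId, effect, resource, context = {}) {
  for (const [key, value] of Object.entries(context)) {
    if (!['string', 'number', 'boolean'].includes(typeof value)) {
      // Structured data has to be serialized to a string by the caller first.
      throw new TypeError(`context.${key} must be a string, number or boolean`);
    }
  }
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
    context,
  };
}

// Business side: find the authorizer data wherever the integration put it.
function getAuthorizerData(event) {
  // Lambda proxy integration (assumption: REST API proxy event format).
  const proxy = event.requestContext && event.requestContext.authorizer;
  if (proxy && proxy.principalId) {
    return { ...proxy };
  }
  // Default passthrough template, as described in the second answer.
  const passthrough = event.context && event.context['authorizer-principal-id'];
  if (passthrough) {
    return { principalId: passthrough };
  }
  // Custom mapping template that maps principalId and customKey.
  // An unset $context.authorizer value renders as '', which is rejected here.
  if (event.principalId) {
    return { principalId: event.principalId, customKey: event.customKey };
  }
  // Fail closed: do not run business logic without an authenticated principal.
  throw new Error('No authorizer data found in event');
}
```
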

0
votes

In addition to Alexis's answer, principalId is currently the only param which can be passed from a custom authorizer to a Lambda (as of today). However, the workaround for passing custom params is to stringify JSON parameters into the principalId. The discussion on this matter is here

0
votes

AWS API Gateway has the following tags in the API definition.

1. Endpoint name, method type
2. parameters
3. responses
4. x-amazon-apigateway-integration => under this, "requestParameters" will be populated with mapping data or any data with key-value pairs.

The link will definitely help you.