1
votes

I am trying to implement a custom authorizer Lambda function via the Java SDK. Can somebody tell me the exact format of the JSON response that is expected from my Lambda function? Also, in which format should I return the output (JSON object or policy object)?

{
    "policyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "execute-api:Invoke",
                "Resource": [
                    "arn:aws:execute-api:us-east-1:1234567:myapiId/staging/POST/*"
                ],
                "Effect": "Allow"
            }
        ]
    },
    "principalId": "User123"
}

This is the format I am providing as output, in JSONObject format, but I am getting an error:

Mon Apr 10 09:42:35 UTC 2017 : Endpoint request body after transformations: {"type":"TOKEN","authorizationToken":"ABC123","methodArn":"arn:aws:execute-api:ap-southeast-1:007183653813:ohlqxu9p57/null/GET/"}
Mon Apr 10 09:42:36 UTC 2017 : Execution failed due to configuration error: Authorizer function failed with response body: {"errorMessage":"An error occurred during JSON serialization of response","errorType":"java.lang.RuntimeException","stackTrace":[],"cause":{"errorMessage":"com.fasterxml.jackson.databind.JsonMappingException: JsonObject (through reference chain: com.google.gson.JsonObject[\"asString\"])","errorType":"java.io.UncheckedIOException","stackTrace":[],"cause":{"errorMessage":"JsonObject (through reference chain: com.google.gson.JsonObject[\"asString\"])","errorType":"com.fasterxml.jackson.databind.JsonMappingException","stackTrace":["com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:210)","com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:177)","com.fasterxml.jackson.databind.ser.std.StdSerializer.wrapAndThrow(StdSerializer.java:199)","com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:683)","com.f [TRUNCATED]
Mon Apr 10 09:42:36 UTC 2017 : AuthorizerConfigurationException

Any help would be great. Thanks in advance.


2 Answers

0
votes

The issue you are facing is Lambda framework related.

Essentially, Lambda will invoke the handler function and pass a serialized JSON.

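import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;

public class LambdaCustomAuthorizer implements RequestHandler<AuthorizationRequestDO, Object> {

    @Override
    public Object handleRequest(AuthorizationRequestDO input, Context context) {
        // Placeholder: build and return the response object (principalId and policyDocument) here.
        return null;
    }
}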

When you work with a custom authorizer, API Gateway passes the following JSON to your Lambda function:

{ "type":"TOKEN", "authorizationToken":"", "methodArn":"arn:aws:execute-api:::///" }

You should have a custom DO, AuthorizationRequestDO, which is a POJO:

// Request POJO: Lambda deserializes the authorizer event JSON into this class through its setters.
public class AuthorizationRequestDO {

    String authorizationToken;
    String methodArn;

    public String getAuthorizationToken() {
        return authorizationToken;
    }

    public void setAuthorizationToken(String authorizationToken) {
        this.authorizationToken = authorizationToken;
    }

    public String getMethodArn() {
        return methodArn;
    }

    public void setMethodArn(String methodArn) {
        this.methodArn = methodArn;
    }

    @Override
    public String toString() {
        return "AuthorizationRequestDO [authorizationToken=" + authorizationToken + ", methodArn=" + methodArn
                + ", getAuthorizationToken()=" + getAuthorizationToken() + ", getMethodArn()=" + getMethodArn() + "]";
    }
}

0
votes

Your Resource property should be a single string value.

{
    "policyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "execute-api:Invoke",
                "Resource": "arn:aws:execute-api:us-east-1:1234567:myapiId/staging/POST/*",
                "Effect": "Allow"
            }
        ]
    },
    "principalId": "User123"
}
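
The serialization error in the question comes from handing a gson JsonObject to Lambda's own JSON serializer. The following is an added example, not code from either answer: a handler that returns plain Maps and Strings so the policy document serializes as-is, and that denies by default. The class name MapAuthorizer, the EXPECTED_TOKEN environment variable and the shared-token check are assumptions made for illustration; it needs aws-lambda-java-core on the classpath.

```java
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical handler: the output is built only from Map, List and String,
// which Lambda's built-in serializer turns into the expected JSON.
public class MapAuthorizer implements RequestHandler<Map<String, String>, Map<String, Object>> {

    // Assumption: a shared token in the EXPECTED_TOKEN environment variable
    // stands in for real token validation (for example JWT verification).
    private static final String EXPECTED = System.getenv("EXPECTED_TOKEN");

    @Override
    public Map<String, Object> handleRequest(Map<String, String> event, Context context) {
        // Default deny: the effect is Allow only when the token matches.
        String effect = tokenMatches(event.get("authorizationToken"), EXPECTED) ? "Allow" : "Deny";
        // The policy is scoped to the method being invoked, not a wildcard.
        // "User123" is the sample principal from the page.
        return buildResponse("User123", effect, event.get("methodArn"));
    }

    // Timing-safe byte comparison; a missing token or missing configuration never matches.
    static boolean tokenMatches(String presented, String expected) {
        if (presented == null || expected == null || expected.isEmpty()) return false;
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                                     expected.getBytes(StandardCharsets.UTF_8));
    }

    static Map<String, Object> buildResponse(String principalId, String effect, String resource) {
        Map<String, Object> statement = new LinkedHashMap<>();
        statement.put("Action", "execute-api:Invoke");
        statement.put("Effect", effect);
        statement.put("Resource", resource);

        Map<String, Object> policy = new LinkedHashMap<>();
        policy.put("Version", "2012-10-17");
        policy.put("Statement", Collections.singletonList(statement));

        Map<String, Object> response = new LinkedHashMap<>();
        response.put("principalId", principalId);
        response.put("policyDocument", policy);
        return response;
    }
}
```

With authorizer result caching enabled, the cached policy is reused for later requests carrying the same token, so a policy scoped to one methodArn will not cover other methods.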