I have users authenticating using cognito user pool. The application uses OAUTH2 style authentication to get a id token which then gets passed to a API gateway cognito authorizer.
I would like to also have users to just pass in their access key/secret key, without them really logging in to cognito.
How would I get a authorizer that can handle both scenarios?
Unless you have access to the users secret key in plain text (which you ideally should not) you cannot. Basically API-GW or for that matter other AWS services recreate the AWS V4 Sig to authenticate the request.
In the Authorizer Lambda you may have access to things like path, query string, headers etc but you will not have access to the secret key and hence cannot really authenticate the user. So I don't believe this mixed model would be possible.
