Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS API Gateway with external authentication

I've built a backend which distributed on several EC2 instances (microservice architecture) and I'm using AWS API Gateway to channel all the requests through a single endpoint. I also built a token-based request authentication system, which requires that every request validates a token on the Auth Service before it is completed.

Is there anyway to tell API Gateway to do the verification by calling the Auth Service itself, rather than having to implement it myself on every endpoint of the backend?

like image 822
Santiago Martí Olbrich Avatar asked Dec 18 '15 18:12

Santiago Martí Olbrich


People also ask

Does API gateway handle authentication?

API Gateway supports multiple authentication methods that are suited to different applications and use cases. API Gateway uses the authentication method that you specify in your service configuration to validate incoming requests before passing them to your API backend.

Does AWS API gateway support OAuth?

Note: This post focuses on Amazon API Gateway REST APIs used with OAuth 2.0 and custom AWS Lambda authorizers. API Gateway also offers HTTP APIs, which provide native OAuth 2.0 features.


1 Answers

Api Gateway team here.

Thanks for your feedback. We have this item on our roadmap and we'll definitely work on addressing it. For now, you'll have to implement it outside Api Gateway.

EDIT 2/17

We've now launched custom authorizers, a new feature that adds a Lambda-based auth layer on your API Gateway RestApi.

Blog post - https://aws.amazon.com/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway/ Docs - http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html

like image 51
jackko Avatar answered Nov 15 '22 06:11

jackko