I've built a backend which distributed on several EC2 instances (microservice architecture) and I'm using AWS API Gateway to channel all the requests through a single endpoint. I also built a token-based request authentication system, which requires that every request validates a token on the Auth Service before it is completed.
Is there anyway to tell API Gateway to do the verification by calling the Auth Service itself, rather than having to implement it myself on every endpoint of the backend?
API Gateway supports multiple authentication methods that are suited to different applications and use cases. API Gateway uses the authentication method that you specify in your service configuration to validate incoming requests before passing them to your API backend.
Note: This post focuses on Amazon API Gateway REST APIs used with OAuth 2.0 and custom AWS Lambda authorizers. API Gateway also offers HTTP APIs, which provide native OAuth 2.0 features.
Api Gateway team here.
Thanks for your feedback. We have this item on our roadmap and we'll definitely work on addressing it. For now, you'll have to implement it outside Api Gateway.
EDIT 2/17
We've now launched custom authorizers, a new feature that adds a Lambda-based auth layer on your API Gateway RestApi.
Blog post - https://aws.amazon.com/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway/ Docs - http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With