I have successfully implemented a Lambda authorizer for my AWS API Gateway, but I want to pass a few custom properties from it to my Node.js endpoint. My output from my authorizer follows the format specified by AWS, as seen below. <pre class="prettyprint"><code>{ "principalId": "yyyyyyyy", "policyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": "Allow|Deny", "Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]" } ] }, "context": { "company_id": "123", ... } } </code></pre> In my case, <code>context</code> contains a few parameters, like <code>company_id</code>, that I would like to pass along to my Node endpoint. If I was to use a Lambda endpoint, I understand that this is done with Mapping Template and something like this: <pre class="prettyprint"><code>{ "company_id": "$context.authorizer.company_id" } </code></pre> However, Body Mapping Template is only available under Integration Request if Lambda is selected as Integration type. Not if HTTP is selected. In short, how do I pass <code>company_id</code> from my Lambda authorizer to my Node API?

Most of the credit goes out to @Michael-sqlbot in the comments to my question, but I'll put the complete answer here if someone else finds this question. Authorizer Lambda It has to return an object in this format, where context contains the parameters you want to forward to your endpoint, as specified in the question. <pre class="prettyprint"><code>{ "principalId": "yyyyyyyy", "policyDocument": { "Version": "2012-10-17", "Statement": [{ "Action": "execute-api:Invoke", "Effect": "Allow|Deny", "Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]" }] }, "context": { "company_id": "123", <-- The part you want to forward ... } } </code></pre> Method Request Under Method Request / HTTP Request Headers, add the context property you want to forward: <ul> <li>Name: <code>company_id</code> </li> <li>Required: optional </li> <li>Cashing: optional </li> </ul> Integration Request And under Integration Request / HTTP Headers, add: <ul> <li>Name: <code>company_id</code> </li> <li>Mapped from: <code>context.authorizer.company_id</code> </li> <li>Cashing: optional </li> </ul>

If you're using <code>lamda-proxy</code>, you can access the context from your <code>event.requestContext.authorizer.context</code>. So your <code>company_id</code> can be accessed using <code>event.requestContext.authorizer.context.company_id</code>.

How to pass API Gateway authorizer context to a HTTP integration

I have successfully implemented a Lambda authorizer for my AWS API Gateway, but I want to pass a few custom properties from it to my Node.js endpoint.

My output from my authorizer follows the format specified by AWS, as seen below.

{
  "principalId": "yyyyyyyy",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow|Deny",
        "Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]"
      }
    ]
  },
  "context": {
    "company_id": "123",
    ...
  }
}

In my case, context contains a few parameters, like company_id, that I would like to pass along to my Node endpoint.

If I was to use a Lambda endpoint, I understand that this is done with Mapping Template and something like this:

{
  "company_id": "$context.authorizer.company_id"
}

However, Body Mapping Template is only available under Integration Request if Lambda is selected as Integration type. Not if HTTP is selected.

In short, how do I pass company_id from my Lambda authorizer to my Node API?

What should be returned from an API gateway authorizer?

If the API uses a usage plan (the apiKeySource is set to AUTHORIZER ), the Lambda authorizer function must return one of the usage plan's API keys as the usageIdentifierKey property value.

Most of the credit goes out to @Michael-sqlbot in the comments to my question, but I'll put the complete answer here if someone else finds this question.

Authorizer Lambda

It has to return an object in this format, where context contains the parameters you want to forward to your endpoint, as specified in the question.

{
  "principalId": "yyyyyyyy",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [{
      "Action": "execute-api:Invoke",
      "Effect": "Allow|Deny",
      "Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]"
    }]
  },
  "context": {
    "company_id": "123", <-- The part you want to forward
    ...
  }
}

Method Request

Under Method Request / HTTP Request Headers, add the context property you want to forward:

Name: company_id
Required: optional
Cashing: optional

Integration Request

And under Integration Request / HTTP Headers, add:

Name: company_id
Mapped from: context.authorizer.company_id
Cashing: optional

If you're using lamda-proxy, you can access the context from your event.requestContext.authorizer.context.

So your company_id can be accessed using event.requestContext.authorizer.context.company_id.

How to pass API Gateway authorizer context to a HTTP integration

Tags:

node.js

lambda

amazon-web-services

aws-api-gateway

Magnus Engdal

People also ask

2 Answers

Magnus Engdal

Noel Llevares

Recent Activity

Donate For Us

How to pass API Gateway authorizer context to a HTTP integration

Tags:

node.js

lambda

amazon-web-services

aws-api-gateway

Magnus Engdal

People also ask

2 Answers

Magnus Engdal

Noel Llevares

Related questions

Recent Activity

Donate For Us