I am working with HTTP API Gateway with JWT Authorizer. I have got it to work with placing the JWT in the Authorization
header with the request. However, due to a requirement, I need to be able to place the JWT in the Cookie header instead. I am not able to get the API Gateway to pick a particular cookie inside the Cookie header. I tried the following identity source expressions:
None of them worked and I am not sure what else could be done. Does HTTP API version of API gateway supports this? If it does, any suggestions?
The alternate solution would be to use the REST version with a custom authorizer lambda but I do not want to go that route because of another problem not mentioned here.
API Gateway uses the specified identity sources as the request authorizer caching key. When caching is enabled, API Gateway calls the authorizer's Lambda function only after successfully verifying that all the specified identity sources are present at runtime.
If the API uses a usage plan (the apiKeySource is set to AUTHORIZER ), the Lambda authorizer function must return one of the usage plan's API keys as the usageIdentifierKey property value.
To authenticate a user, a client application must send a JSON Web Token (JWT) in the authorization header of the HTTP request to your backend API. API Gateway validates the token on behalf of your API, so you don't have to add any code in your API to process the authentication.
Accessing cookies is currently not possible.
Such a feature request has been posted on AWS Forums and is in the backlog.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With