Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HTTP API Gateway JWT Authorizer to take identity source from cookie

Tags:

cookies

authorization

jwt

aws-api-gateway

I am working with HTTP API Gateway with JWT Authorizer. I have got it to work with placing the JWT in the Authorization header with the request. However, due to a requirement, I need to be able to place the JWT in the Cookie header instead. I am not able to get the API Gateway to pick a particular cookie inside the Cookie header. I tried the following identity source expressions:

  1. $request.header.Cookie.[myCookieName]
  2. $request.header.Cookie.myCookieName

None of them worked and I am not sure what else could be done. Does HTTP API version of API gateway supports this? If it does, any suggestions?

The alternate solution would be to use the REST version with a custom authorizer lambda but I do not want to go that route because of another problem not mentioned here.

like image 314
Ashish Goel Avatar asked Mar 26 '20 05:03

Ashish Goel

People also ask

How does API gateway authorizer caching work?

API Gateway uses the specified identity sources as the request authorizer caching key. When caching is enabled, API Gateway calls the authorizer's Lambda function only after successfully verifying that all the specified identity sources are present at runtime.

What should be returned from an API gateway authorizer?

If the API uses a usage plan (the apiKeySource is set to AUTHORIZER ), the Lambda authorizer function must return one of the usage plan's API keys as the usageIdentifierKey property value.

How do you authenticate using JWT tokens?

To authenticate a user, a client application must send a JSON Web Token (JWT) in the authorization header of the HTTP request to your backend API. API Gateway validates the token on behalf of your API, so you don't have to add any code in your API to process the authentication.

1 Answers

Accessing cookies is currently not possible.

Such a feature request has been posted on AWS Forums and is in the backlog.

like image 171
tomasz Avatar answered Nov 10 '22 11:11

tomasz
Sign in to Comment

Related questions

React-native, clear webview cookie?
Cross-Domain Cookie not sent to application after redirect
ASP.NET MVC Authentication Cookie Not Being Retrieved
IE equivalent for GM_setValue and GM_getValue (Greasemonkey storage)
Is Flash scope free of race conditions?
Strategy for mitigating race conditions when updating cookies?
Cookies not setting in Safari 6
How to encrypt cookies on android apps using Phonegap/Cordova
Keep user logged in when mobile browser closes (Rails)
How do I make Chrome send cookies with WebSocket handshake request?
How to send a cookie along with HttpGet in Java
Race Condition for Persistent "Remember Me" Cookies
Suppressing auto-creation of sessions in RoR, for the glory of Europe
Correct cookie management
cookie support in cordova official documentation
How to deal with a front-end that does not share the same domain in Django
How to set cookieAcceptPolicy for ephemeral NSURLSession
How does Opera copy Chrome cookies
How to get Cookies with HttpURLConnection in Java?
How to overcome the effect of chrome's samesite cookie update in the case of localhost?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!