Is it possible to add an HTTP header from AWS Custom Auth on API gateway?

Question

I am using Custom Auth on AWS API Gateway, but I would like to add an extra HTTP header depending on the result. Does anyone know if this is possible, or how to do it. If it is not, is there an idea of if or when this will be possible?

Many thanks.

Answer 1

We recently added support for this. Docs should be up soon.

Now you can return an object like this from the authorizer function:

{
  "principalId": "xxxxxxxx", // The principal user identification associated with the token send by the client.
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow|Deny",
        "Resource": "arn:aws:execute-api:<regionId>:<accountId>:<appId>/<stage>/<httpVerb>/[<resource>/<httpVerb>/[...]]"
      }
    ]
  },
  "context" : {
    "key" : "value",
    "numKey" : 1,
    "boolKey" : true
  }
}

Arrays and objects aren't allowed, only string/number/boolean as valid JSON. The root key must be named context.

You can access those values in the request $context like so:

$context.authorizer.key -> value 
$context.authorizer.numKey -> 1
$context.authorizer.boolKey -> true

So to answer your question, you wont' be able to conditionally add the header, but you could set the header value to $context.authorizer.yourKey and if yourKey isn't set in the authorizer response, the header value would be blank (but the header would still be sent).

Edit:

Docs are live http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html

Answer 2

You can only get PrincipalId from authorizer result, in your integration request, you can map a header value using context.authorizer.principalId