HTTP API Lambda authorizer


Hey there, I am using a custom Lambda authorizer to authorize my API routes in API Gateway. I am using HTTP API. Following is my code. Note: I am using HTTP API in API Gateway.

    import type { APIGatewayEvent } from 'aws-lambda';
    // apiUtils and userService are the project's own modules (their imports are not shown in the post)

    /*
     ** custom authorizer for admin
     */
    export const customAuthMiddlewareForAdmin = async (event: APIGatewayEvent) => {
      // note: this logs the whole event, including the Authorization header
      console.log('customAuthMiddlewareForAdmin payload event', event);

      const authorizationHeader =
        event?.headers?.Authorization || event?.headers?.authorization || null;
      console.log('authorizationHeader', authorizationHeader);
      if (authorizationHeader) {
        console.log('allowed');
        try {
          // verifying token
          const userData = await apiUtils.verifyCognitoToken(authorizationHeader);

          console.log('userData: in authorizer', userData);

          // fail closed: an empty verification result must not fall through to isAuthorized: true
          if (!userData) {
            throw new Error('Token verification failed');
          }
          // checking the token user
          const isUser = await userService.getUser(`USER-${userData?.sub}`);
          console.log('isUser', isUser);
          if (!isUser) {
            throw new Error('Token user not found');
          }
          if (!isUser?.isAdmin) {
            throw new Error('Only admin allowed to access this resource');
          }
          // return next();
          return {
            isAuthorized: true,
            context: {
              stringKey: 'exampleValue',
            },
          };
        } catch (error) {
          console.log('ERROR AUTHORIZATION admin', error);
          return {
            isAuthorized: false,
            context: {
              stringKey: 'exampleValue',
            },
          };
        }
      } else {
        console.log('denied');
        throw Error('Token required');
      }
    };

But every time it's showing status 403 with a message of "forbidden" whenever I pass isAuthorized = false. The problem is I want to customize the error message. I searched a lot for days but haven't found any solution up till now. How am I going to change the error message for a Lambda authorizer? All the solutions available are for REST API, not the HTTP API.

  • Have you tried implementing test directly in Lambda just to validate?

No answers
