Websockets Authorizer function is not triggered by Querystring identifier

Question

When changing the Identifier of our Authorizer function from sourcetype Header to sourcetype Querystring our Authorization Lambda was not starting up and created no logs.  
  
as an example:

```
()=>new WebSocket('wss://x0x0x0x0x0.execute-api.eu-central-1.amazonaws.com/dev?authorizationToken=' + headers.Auth)
```

Accepted Answer

According to your screenshot, you didn't change the identity source but you added additional identity source. Unless the request has both header and query string, your authorizer will not be triggered.  
If you want to use query string, remove the header identity source.

Answer

Hi,  
  
I have taken the topic from sahin at GPMES.  
  
We had multible problems, which has been solved now.  
  
1. Yes, there can only be one identity source. With multible sources it is not working.  
2. A Cloudformation deploy is not updating the api gateway directly. We have to deploy the updated api description with boto3 or aws cli  
3. route.request.querystring.authorizationToken is not working. we switched to route.request.querystring.token, which is working well. I don't know, authorizationToken is to long as querystring or something else ...  
  
My cloudformation block looks now like this:

```
AuthorizerFuncWebsocketsAuthorizer:
  Type: 'AWS::ApiGatewayV2::Authorizer'
  Properties:
    ApiId: !Ref WebsocketsApi
    Name: !Sub ${AWS::StackName}-cognito-auth
    AuthorizerType: REQUEST

    AuthorizerUri:
      Fn::Sub:
        arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiCognitoAuthenticatorApi.Arn}/invocations
    IdentitySource:
      - route.request.querystring.token
```

Answer

Thanks!

Websockets Authorizer function is not triggered by Querystring identifier

Conteúdo relevante