By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to send the token in aws appsync lambda authorizer?

0

this is my amplify app sync schema grapgql

type ClientDetails @model @auth(rules: [{ allow: custom }]) {
  id: ID!
  tenant: ID
  OrganizationName: String!
  SuperUser: String!
}

my lambda authorizer code was,

export const handler = async (event) => {
  console.log(`EVENT: ${JSON.stringify(event)}`);
  const {
    authorizationToken,
    requestContext: { apiId, accountId },
  } = event;
  const response = {
    isAuthorized: authorizationToken === 'custom-authorized',
    resolverContext: {
      userid: 'user-id',
      info: 'contextual information A',
      more_info: 'contextual information B',
    },
    deniedFields: [
      `arn:aws:appsync:${process.env.AWS_REGION}:${accountId}:apis/${apiId}/types/Event/fields/comments`,
      `Mutation.createEvent`,
    ],
    ttlOverride: 300,
  };
  console.log(`response >`, JSON.stringify(response, null, 2));
  return response;
};

Why do I only send (authorizationToken === 'custom-authorized'), I want to send the Bearer Tokens (Access, ID, and Referesh) in that authorization. but I don't know how to do that!

Topics
ServerlessFront-End Web & MobileApplication IntegrationCompute
Tags
AWS AppSyncAWS LambdaAWS Amplify
Language
English
NareshKumar
asked 4 months ago240 views
1 Answer
0

Hello,

From your query, I could understand that you would like to implement lambda authorizer with Appsync and understand that you are referring example code of the Lambda function from this blog [1].

Please note that, the provided example code is designed to demonstrate Appsync to Lambda authorizer integration with minimal functionality and validate a static Authorization code.

===========

const response = {

isAuthorized: authorizationToken === 'custom-authorized',

===========

Thus, you need to send static authorization code only "Authorization:custom-authorized" $ curl -XPOST -H "Content-Type:application/graphql" -H "Authorization:custom-authorized" -d '{"query": "query { listEvents { items { id } } }"}' https://YOURAPPSYNCENDPOINT/graphql

Further, to validate Bearer (JWT) Tokens in your Lambda function, you need to update the Lambda authorizer code accordingly to parse the JWT token received and validate the same as per your requirement. Additionally, I have found few third party links with examples here [2] [3]. Kindly note that, AWS does not endorse any third party link, however, this is shared only for reference purpose.

============================

Reference :

[1] https://aws.amazon.com/blogs/mobile/appsync-lambda-auth/

[2] https://github.com/mikaelvesavuori/lambda-auth-jwt-demo/blob/main/src/controllers/AuthController.ts

[3] https://github.com/tomoima525/auth0-appsync-custom-authorizer/blob/main/functions/authorizer/index.ts

AWS
SUPPORT ENGINEER
rePost-User-1490882
answered 4 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed 24 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content