Return 401 Unauthorized Response when using Lambda Authorizer with API Gateway

0

I'm looking for a way to return a 401 error from a Lambda Authorizer. My Lambda function is implemented in TypeScript, and I'm using an async function (it's required because my function uses some packages which return Promise objects). I already tried the way from the docs: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

case 'unauthorized':
    callback('Unauthorized');   // Return a 401 Unauthorized response
    break;

And from here: https://github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints/blob/master/blueprints/nodejs/index.js

callback("Unauthorized", null);

I also tried this solution:

throw new Error('Unauthorized')

But all of these ways return a 500 Internal Server Error instead of a 401 error.

2 Answers
0

Hi, you can try the official docs for help, or:

import { Handler, APIGatewayTokenAuthorizerEvent, APIGatewayAuthorizerResult } from 'aws-lambda';

export const handler: Handler<APIGatewayTokenAuthorizerEvent, APIGatewayAuthorizerResult> = async (event) => {
    try {
        // 1. Your authorization logic (using awaited Promises if needed)
        const token = event.authorizationToken;
        if (!token || !await isValidToken(token)) {
            // Failed authorization - return a Deny policy
            return {
                principalId: 'user', // Arbitrary value
                policyDocument: {
                    Version: '2012-10-17',
                    Statement: [{
                        Action: 'execute-api:Invoke',
                        Effect: 'Deny',
                        Resource: event.methodArn
                    }]
                }
            };
        }

        // 2. Successful authorization - Return an Allow policy
        return {
            principalId: 'user', // Identify the user
            policyDocument: {
                Version: '2012-10-17',
                Statement: [{
                    Action: 'execute-api:Invoke',
                    Effect: 'Allow',
                    Resource: event.methodArn
                }]
            }
        };

    } catch (error) {
        console.error('Authorization error:', error);
        // For simplicity, handle errors as Unauthorized.
        // An async handler's result comes from the promise it returns, so reject
        // with the exact message 'Unauthorized' rather than calling callback().
        throw new Error('Unauthorized');
    }
};

// Helper function for your token validation logic
async function isValidToken(token: string): Promise<boolean> {
    // Your token validation logic here
    // ...
    throw new Error('isValidToken is not implemented'); // Fail closed until real validation is added
}

Authorization Logic: Replace isValidToken with your actual token validation logic (which can now be asynchronous using await).

Deny Policy: If authorization fails, return an IAM policy document with a 'Deny' effect. Ensure the Resource matches the method ARN of your API Gateway method.

Allow Policy: If authorization succeeds, return an IAM policy document with an 'Allow' effect.

Error Handling: Wrap your logic in a try...catch block. For simplicity, we log the error and then return an 'Unauthorized' string. You can adjust error handling for more specific responses, if desired.

I used content from the AWS docs that I found on GitHub and some from Hugging Face... hope it helps.

answered 3 months ago
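
Added example (not part of either answer and not AWS code): a simplified local model of how the outcome of an async REST API TOKEN authorizer maps to the status code the client sees, going slightly beyond the answer above by also covering the 500 cases. The token store, the `gatewayStatus` mapping, the use of 200 to stand for "request forwarded", and all names are assumptions made for illustration.

```typescript
// Added example: simplified model of a REST API TOKEN authorizer (not AWS code).
type Effect = 'Allow' | 'Deny';
interface AuthEvent { authorizationToken?: string; methodArn: string }
interface AuthResult {
  principalId: string;
  policyDocument: { Version: string; Statement: { Action: string; Effect: Effect; Resource: string }[] };
}

const policy = (principalId: string, effect: Effect, resource: string): AuthResult => ({
  principalId,
  policyDocument: {
    Version: '2012-10-17',
    Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
  },
});

// Constructed token store standing in for real asynchronous validation (assumption).
const TOKENS = new Map<string, { user: string; mayInvoke: boolean }>([
  ['tok-alice', { user: 'alice', mayInvoke: true }],
  ['tok-bob', { user: 'bob', mayInvoke: false }],
]);
async function lookupToken(token: string) {
  if (token === 'tok-crash') throw new Error('token service timeout'); // simulated outage
  return TOKENS.get(token);
}

// Async authorizer: every failure path rejects with exactly 'Unauthorized'.
async function authorizer(event: AuthEvent): Promise<AuthResult> {
  try {
    const claims = event.authorizationToken ? await lookupToken(event.authorizationToken) : undefined;
    if (!claims) throw new Error('Unauthorized'); // missing or unknown token -> 401
    return policy(claims.user, claims.mayInvoke ? 'Allow' : 'Deny', event.methodArn); // Deny -> 403
  } catch {
    throw new Error('Unauthorized'); // fail closed: any other message would surface as 500
  }
}

// Model (assumption) of how API Gateway maps the authorizer outcome to a status code.
async function gatewayStatus(handler: (e: AuthEvent) => Promise<unknown>, event: AuthEvent): Promise<number> {
  try {
    const out = (await handler(event)) as AuthResult | undefined;
    const effect = out?.policyDocument?.Statement?.[0]?.Effect;
    if (effect === 'Allow') return 200; // stands for "request is forwarded to the backend"
    if (effect === 'Deny') return 403;
    return 500; // nothing returned, or malformed authorizer output
  } catch (err) {
    return err instanceof Error && err.message === 'Unauthorized' ? 401 : 500;
  }
}
```

In this model, a handler that resolves with nothing, or that rejects with any message other than `Unauthorized`, yields 500 rather than 401.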
0

You could look into this guide for general troubleshooting: https://repost.aws/knowledge-center/api-gateway-401-error-lambda-authorizer.

From your description, it could be that you need to “block” those asynchronous processes by awaiting them inside the Lambda handler.

EXPERT
answered 3 months ago
