How to send the token in aws appsync lambda authorizer?

Question

this is my amplify app sync schema grapgql

```
type ClientDetails @model @auth(rules: [{ allow: custom }]) {
  id: ID!
  tenant: ID
  OrganizationName: String!
  SuperUser: String!
}
```

my lambda authorizer code was,

```
export const handler = async (event) => {
  console.log(`EVENT: ${JSON.stringify(event)}`);
  const {
    authorizationToken,
    requestContext: { apiId, accountId },
  } = event;
  const response = {
    isAuthorized: authorizationToken === 'custom-authorized',
    resolverContext: {
      userid: 'user-id',
      info: 'contextual information A',
      more_info: 'contextual information B',
    },
    deniedFields: [
      `arn:aws:appsync:${process.env.AWS_REGION}:${accountId}:apis/${apiId}/types/Event/fields/comments`,
      `Mutation.createEvent`,
    ],
    ttlOverride: 300,
  };
  console.log(`response >`, JSON.stringify(response, null, 2));
  return response;
};
```

Why do I only send  **(authorizationToken === 'custom-authorized')**, I want to send the  **Bearer Tokens**  (Access, ID, and Referesh) in that authorization. but I don't know how to do that!

Answer

Hello,

From your query, I could understand that you would like to implement lambda authorizer with Appsync and understand that you are referring example code of the Lambda function from this blog [1].

Please note that, the provided example code is designed to demonstrate Appsync to Lambda authorizer integration with minimal functionality and validate a static Authorization code.

===========

const response = {

isAuthorized: authorizationToken === 'custom-authorized',

===========

Thus, you need to send static authorization code only "Authorization:custom-authorized"
$ curl -XPOST -H "Content-Type:application/graphql" -H "Authorization:custom-authorized" -d '{"query": "query { listEvents { items { id } } }"}' https://YOURAPPSYNCENDPOINT/graphql

Further, to validate Bearer (JWT) Tokens in your Lambda function, you need to update the Lambda authorizer code accordingly to parse the JWT token received and validate the same as per your requirement.
Additionally, I have found few third party links with examples here [2] [3]. Kindly note that, AWS does not endorse any third party link, however, this is shared only for reference purpose.

============================

Reference :

[1] https://aws.amazon.com/blogs/mobile/appsync-lambda-auth/

[2] https://github.com/mikaelvesavuori/lambda-auth-jwt-demo/blob/main/src/controllers/AuthController.ts

[3] https://github.com/tomoima525/auth0-appsync-custom-authorizer/blob/main/functions/authorizer/index.ts

How to send the token in aws appsync lambda authorizer?

相關內容